PT-2020-5611 · Apple · Safari+6
Samuel Groß
·
Published
2020-10-16
·
Updated
2024-10-31
·
CVE-2020-9910
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apple iCloud versions prior to 7.19 and prior to 11.2
Apple iTunes versions prior to 12.10.7
Apple Safari versions prior to 13.1.1
Apple iPadOS versions prior to 13.5
Apple iPhoneOS versions prior to 13.5
Apple tvOS versions prior to 13.4.8
Apple watchOS versions prior to 6.2.8
Description
The issue is related to authentication errors in the operating systems and services of Apple devices. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations
For Apple iCloud versions prior to 7.19 and prior to 11.2, update to version 7.19 or 11.2 or later.
For Apple iTunes versions prior to 12.10.7, update to version 12.10.8 or later.
For Apple Safari versions prior to 13.1.1, update to version 13.1.2 or later.
For Apple iPadOS versions prior to 13.5, update to version 13.6 or later.
For Apple iPhoneOS versions prior to 13.5, update to version 13.6 or later.
For Apple tvOS versions prior to 13.4.8, update to version 13.4.8 or later.
For Apple watchOS versions prior to 6.2.8, update to version 6.2.8 or later.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Safari
Icloud
Ipados
Iphoneos
Itunes
Tvos
Watchos