CVE-2020-9802

Name of the Vulnerable Software and Affected Versions Apple macOS versions prior to 10.15.3 Apple tvOS versions prior to 13.3.1 Apple watchOS versions prior to 6.1.2 Apple Safari versions prior to 13.1.1 Apple iTunes versions prior to 12.10.7 for Windows Apple iCloud for Windows versions prior to 11.2 Apple iCloud for Windows versions prior to 7.19 WebKitGTK versions prior to 2.28.3 WPE WebKit versions prior to 2.28.3 openSUSE libjavascriptcoregtk-4 0-18-2.32.4-1.1

Description A logic flaw exists within the WebKit engine, potentially allowing a remote attacker to execute arbitrary code by processing maliciously crafted web content. This issue affects multiple Apple products, including macOS, tvOS, watchOS, Safari, iTunes, and iCloud for Windows. The vulnerability is related to improper restrictions and can be exploited through specially designed web pages. The issue has been actively exploited. The vulnerability affects WebKitGTK and WPE WebKit, potentially leading to cross-site scripting, denial of service, and arbitrary code execution.

Recommendations Update Apple macOS to version 10.15.3 or later. Update Apple tvOS to version 13.3.1 or later. Update Apple watchOS to version 6.1.2 or later. Update Apple Safari to version 13.1.1 or later. Update Apple iTunes to version 12.10.7 or later for Windows. Update Apple iCloud for Windows to version 11.2 or later. Update Apple iCloud for Windows to version 7.19 or later. Update WebKitGTK to version 2.28.3 or later. Update WPE WebKit to version 2.28.3 or later. Update the libjavascriptcoregtk-4 0-18-2.32.4-1.1 package on openSUSE. Run sudo pro fix USN-4422-1 to address the vulnerability in Ubuntu systems.