CVE-2020-36521

Name of the Vulnerable Software and Affected Versions iCloud for Windows versions prior to 11.4 iCloud for Windows versions prior to 7.21 iOS versions prior to 14.0 iPadOS versions prior to 14.0 watchOS versions prior to 7.0 tvOS versions prior to 14.0 iTunes for Windows versions prior to 12.10.9

Description The issue is related to an out-of-bounds read in the ImageIO component, which can be exploited by processing a maliciously crafted tiff file. This may lead to a denial-of-service or potentially disclose memory contents, allowing an attacker to gain unauthorized access to protected information.

Recommendations For iCloud for Windows versions prior to 11.4, update to version 11.4 or later. For iCloud for Windows versions prior to 7.21, update to version 7.21 or later. For iOS versions prior to 14.0, update to version 14.0 or later. For iPadOS versions prior to 14.0, update to version 14.0 or later. For watchOS versions prior to 7.0, update to version 7.0 or later. For tvOS versions prior to 14.0, update to version 14.0 or later. For iTunes for Windows versions prior to 12.10.9, update to version 12.10.9 or later. As a temporary workaround, consider avoiding the use of maliciously crafted tiff files until the issue is resolved.