Sign-up

ID

VAR-202004-1965


CVE

CVE-2020-9784


TITLE

Safari Logic vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003659

DESCRIPTION

A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. Safari Downloads is one of the download components. A security vulnerability exists in the Safari Downloads component in versions of Apple Safari prior to 13.1. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-03-24-5 Safari 13.1 Safari 13.1 is now available and addresses the following: Safari Downloads Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A malicious iframe may use another website’s download settings Description: A logic issue was addressed with improved restrictions. CVE-2020-9784: Ruilin Yang of Tencent Security Xuanwu Lab, Ryan Pickren (ryanpickren.com) WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3901: Benjamin Randazzo (@____benjamin) WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A download's origin may be incorrectly associated Description: A logic issue was addressed with improved restrictions. CVE-2020-3887: Ryan Pickren (ryanpickren.com) WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3895: grigoritchy CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: An application may be able to read restricted memory Description: A race condition was addressed with additional validation. CVE-2020-3894: Sergei Glazunov of Google Project Zero WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9783: Apple WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A remote attacker may be able to cause arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-3899: found by OSS-Fuzz WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit) WebKit Page Loading Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A file URL may be incorrectly processed Description: A logic issue was addressed with improved restrictions. CVE-2020-3885: Ryan Pickren (ryanpickren.com) Additional recognition Safari We would like to acknowledge Dlive of Tencent Security Xuanwu Lab, Jacek Kolodziej of Procter & Gamble, and Justin Taft of One Up Security, LLC for their assistance. Safari Extensions We would like to acknowledge Jeff Johnson of underpassapp.com for their assistance. Safari Reader We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance. WebKit We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel Groß of Google Project Zero, and an anonymous researcher for their assistance. Installation note: Safari 13.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJeejDWAAoJEAc+Lhnt8tDN+aYP/2PReUsWsxAK0Xv2Uv6h2jht aBFzq84DKiz26b6xi5/c40bLzCc7zoHySJHIPoHNiUMocQHmyRbOziE6pSWXpmcm rZK5iJ0IF9TAPt58zqkxmUcTr+T/dq1aiVXJNRSp/NolB4rN5Vg8BHywZ8nOYmGl SPDe1Xo15Q1yDBxjaoAo6vMXeu2/DPoVk/WNSceWGcd/ImCqoFpWvmmpuVyJXN0u nFskPkX46KP8SGwf2F9lPWwfLNMGrqSxWh8Wsnevhot/CVjS5hguGlsLvv+5cIE3 DQfDwjMAKXTbJAUXVxcUv4I1k7qoDOPvfaLhZLKaPb2/0TB0Gsovyz9/Dd68Y8a3 bkEoJaM/mnp9p3V//2ITES1LYpibzXL3AUWDWwYvCaIDghllXFn+5tmu7Pd40sIQ Pl/qSzdOQ57OJbjedMsJkhtTX71iuhWbEMvzB+btrKRKKIOcCdnpWYMrYe8Zflil wUWyPiOLNoj18qT/iUfcq2qD98CNPMheYZHr6JWnXDCaRkZ6z7C0yemu/auZOmiD cIeYBa4wnBoYX8Vd1avqyUXAUe2C5gjJOynb7x4TwkKIbcmkrZpMcLM2prNM6h29 G04eqXKH/SODUViPZGn3vahn2SZ4HtN9R7Ae7+pJfbI/0IDjLaA+yzQa6MBBpzNV 9nrxH+hfviekXKwfUo5r =JnUX -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2020-9784 // JVNDB: JVNDB-2020-003659 // VULHUB: VHN-187909 // PACKETSTORM: 156904

AFFECTED PRODUCTS

vendor:applemodel:safariscope:ltversion:13.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:13.1 未満 (macos high sierra)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:13.1 未満 (macos mojave)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:13.1 未満 (macos catalina)

Trust: 0.8

sources: JVNDB: JVNDB-2020-003659 // NVD: CVE-2020-9784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9784
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003659
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-1572
value: MEDIUM

Trust: 0.6

VULHUB: VHN-187909
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9784
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003659
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187909
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9784
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003659
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187909 // JVNDB: JVNDB-2020-003659 // CNNVD: CNNVD-202003-1572 // NVD: CVE-2020-9784

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-003659 // NVD: CVE-2020-9784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1572

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1572

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003659

PATCH
title:HT211104url:https://support.apple.com/en-us/HT211104
Trust: 0.8
title:HT211104url:https://support.apple.com/ja-jp/HT211104
Trust: 0.8
title:Apple Safari Downloads Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112984
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003659 // 
            
            
            
            CNNVD: CNNVD-202003-1572

EXTERNAL IDS
db:NVDid:CVE-2020-9784
Trust: 2.6
db:JVNid:JVNVU96545608
Trust: 0.8
db:JVNDBid:JVNDB-2020-003659
Trust: 0.8
db:CNNVDid:CNNVD-202003-1572
Trust: 0.7
db:VULHUBid:VHN-187909
Trust: 0.1
db:PACKETSTORMid:156904
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187909 // 
            
            
            
            JVNDB: JVNDB-2020-003659 // 
            
            
            
            PACKETSTORM: 156904 // 
            
            
            
            CNNVD: CNNVD-202003-1572 // 
            
            
            
            NVD: CVE-2020-9784

REFERENCES
url:https://support.apple.com/ht211104
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-9784
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9784
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96545608/index.html
Trust: 0.8
url:https://support.apple.com/en-us/ht211104
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-3900
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3899
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3901
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3902
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-9783
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3897
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3894
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3887
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3895
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3885
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187909 // 
            
            
            
            JVNDB: JVNDB-2020-003659 // 
            
            
            
            PACKETSTORM: 156904 // 
            
            
            
            CNNVD: CNNVD-202003-1572 // 
            
            
            
            NVD: CVE-2020-9784

CREDITS
Apple
Trust: 0.1
sources:
            
            
            PACKETSTORM: 156904

SOURCES
db:VULHUBid:VHN-187909
db:JVNDBid:JVNDB-2020-003659
db:PACKETSTORMid:156904
db:CNNVDid:CNNVD-202003-1572
db:NVDid:CVE-2020-9784

LAST UPDATE DATE
2024-11-23T19:52:42.513000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-187909date:2020-04-03T00:00:00
db:JVNDBid:JVNDB-2020-003659date:2020-04-22T00:00:00
db:CNNVDid:CNNVD-202003-1572date:2021-10-29T00:00:00
db:NVDid:CVE-2020-9784date:2024-11-21T05:41:16.810

SOURCES RELEASE DATE
db:VULHUBid:VHN-187909date:2020-04-01T00:00:00
db:JVNDBid:JVNDB-2020-003659date:2020-04-22T00:00:00
db:PACKETSTORMid:156904date:2020-03-25T14:34:53
db:CNNVDid:CNNVD-202003-1572date:2020-03-25T00:00:00
db:NVDid:CVE-2020-9784date:2020-04-01T18:15:18.163