Apple accepts 30 vulnerabilities

0

Apple, which recently released iOS 13.4, confirmed some issues in the previous version, iOS 13.3. While the firm advises its users to upgrade to the new version as soon as possible, Apple has acknowledged the 30 vulnerabilities.

Apple discloses 30 vulnerabilities
In the past days, iOS 13.4 version has appeared with many innovations and improvements. The reason for Apple users to upgrade their devices to this version is not just innovations and improvements.

Security vulnerabilities are discussed with each new update. This time, however, vulnerabilities were officially disclosed, and they were cited as a reason to upgrade. Apple has confirmed 30 vulnerabilities and identified these vulnerabilities.

CVE-2020-3917
Action Kit – “An application can use an SSH client provided by custom frameworks.”

CVE-2020-3883
Apple Mobile File Integrity – “An application can use optional privileges.”

CVE-2020-9770
Bluetooth – “An attacker in a privileged network location can catch Bluetooth traffic.”

CVE-2020-3913
Core Foundation – “A malicious application can increase privileges.”

CVE-2020-3916
Icons – “Setting up an alternative app icon can reveal a photo without needing permission to access the photos.”

CVE-2020-9773
Icons – “A malicious application can determine what other applications a user has installed”

CVE-2020-9768
Image Processing – “An application can execute arbitrary code with system privileges.”

CVE-2020-3919
IOHID Family – “A malicious application can execute arbitrary code with kernel privileges.”

CVE-2020-3914
Kernel – “An application can read limited memory.”

CVE-2020-9785
Kernel – “A malicious application can execute arbitrary code with kernel privileges.”

CVE-2020-3909 and CVE-2020-3911
libxml2 – “Multiple issues in libxml2”

CVE-2020-9780
Mail – “A local user can view deleted content in the app switcher.”

See Also
Apple blocks Facebook update for disclosing App Store fee

CVE-2020-9777
Mail Attachments – “Clipped videos may not be shared properly via Mail.”

CVE-2020-3891
Messages – “A person with physical access to a locked iOS device can reply to messages even if the responses are disabled.”

CVE-2020-3890
Message Composition – “Deleted message groups can still be recommended as autocomplete.”

CVE-2020-9775
Safari – “A user’s private browsing event can be unexpectedly saved on Screen Time.”

CVE-2020-9781
Safari – “A user can give website permissions to a site he doesn’t want.”

CVE-2020-3888
Web Application – “A maliciously crafted page may conflict with other web contexts.”

CVE-2020-3894
WebKit – “An application can read limited memory.”

CVE-2020-3899
WebKit – “A remote attacker could cause random code execution.”

CVE-2020-3902
WebKit – “Processing maliciously crafted web content can cause cross-site scripting attacks.”

CVE-2020-3895 and CVE-2020-3900
WebKit – “Handling maliciously crafted web content may result in random code execution.”

CVE-2020-3901
WebKit – “Handling maliciously crafted web content may result in random code execution.”

CVE-2020-3887
WebKit – “The source of a download may be incorrectly associated.”

CVE-2020-9783
WebKit – “Handling maliciously crafted web content may result in code execution.”

CVE-2020-3897
WebKit – “A remote attacker could cause arbitrary code execution.”

CVE-2020-3885
WebKit Page Load – “A file URL may have been rendered incorrectly.”


LEAVE A REPLY

Please enter your comment!
Please enter your name here