CVE-2020-9883

EPSS 5.7%

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 5.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

22 oct 2020Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.

Productos afectados

Apple · iCloud for Windows Apple · iCloud for Windows (Legacy)Apple · iOS Apple · iTunes for Windows Apple · macOS Apple · tvOS Apple · watchOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/kb/HT211288 https://support.apple.com/kb/HT211289 https://support.apple.com/kb/HT211290 https://support.apple.com/kb/HT211291 https://support.apple.com/kb/HT211293 https://support.apple.com/kb/HT211294 https://support.apple.com/kb/HT211295 https://support.apple.com/kb/HT211931 https://www.zerodayinitiative.com/advisories/ZDI-20-1389/