SB2020032719 - Multiple vulnerabilities in Apple iOS and iPadOS




Published: March 27, 2020

Security Bulletin ID: SB2020032719
Severity: High
Patch available: YES
Number of vulnerabilities: 30
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 40%, Medium 27%, Low 33%

Description

This security bulletin contains information about 30 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-3917)

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to a security restriction bypass. A remote attacker can trick a victim to install a malicious application, which is then able to use an SSH client provided by private frameworks and gain access to sensitive information on the target system.


2) Business Logic Errors (CVE-ID: CVE-2020-3885)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to logical errors. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page and cause a file URL to be incorrectly processed.


3) Type Confusion (CVE-ID: CVE-2020-3897)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the object transition cache. A remote attacker can trick a victim to visit a malicious page or open a specially crafted file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Use-after-free (CVE-ID: CVE-2020-9783)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


5) Business Logic Errors (CVE-ID: CVE-2020-3887)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to logical errors. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page and cause a download's origin to be incorrectly associated.


6) Type Confusion (CVE-ID: CVE-2020-3901)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Buffer overflow (CVE-ID: CVE-2020-3900)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Buffer overflow (CVE-ID: CVE-2020-3895)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


9) Cross-site scripting (CVE-ID: CVE-2020-3902)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


10) Buffer overflow (CVE-ID: CVE-2020-3899)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


11) Race condition (CVE-ID: CVE-2020-3894)

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to a race condition. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, exploit the race and gain unauthorized access to sensitive information on the target system.


12) Business Logic Errors (CVE-ID: CVE-2020-3891)

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to logical errors. An attacker with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.


13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-3883)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper permission checks in AppleMobileFileIntegrity. A remote attacker can trick a victim to install a malicious application and cause the application to be able to use arbitrary entitlements.


14) Buffer overflow (CVE-ID: CVE-2020-3911)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libxml2. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


15) Buffer overflow (CVE-ID: CVE-2020-3909)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libxml2. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


16) Buffer overflow (CVE-ID: CVE-2020-3910)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libxml2. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


17) Buffer overflow (CVE-ID: CVE-2020-9785)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


18) Out-of-bounds read (CVE-ID: CVE-2020-3914)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can use a specially crafted application, trigger out-of-bounds read error and read contents of memory on the system.


19) Buffer overflow (CVE-ID: CVE-2020-3919)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


20) Use-after-free (CVE-ID: CVE-2020-9768)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error. A remote attacker can use a specially crafted application and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


21) Information disclosure (CVE-ID: CVE-2020-9773)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper handling of icon caches. A remote attacker can trick a victim to install a malicious application and identify what other applications a user has installed.


22) Improper access control (CVE-ID: CVE-2020-3916)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can set an alternate app icon and disclose a photo without needing permission to access photos.


23) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-3913)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to an improper permissions check. A remote attacker can trick a victim to install a malicious application and use the application to gain elevated privileges on the target system.


24) Cleartext transmission of sensitive information (CVE-ID: CVE-2020-9770)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. A remote authenticated attacker on the local network with ability to intercept Bluetooth traffic can gain access to sensitive data.


25) Information disclosure (CVE-ID: CVE-2020-9780)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to improperly cleared application previews when content is deleted. A local user can view deleted content in the app switcher.


26) Resource management error (CVE-ID: CVE-2020-9777)

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to improper selection of video file by Mail. A remote attacker can cause cropped videos to not be shared properly via Mail.


27) Improper access control (CVE-ID: CVE-2020-3890)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in deletion messages. A remote attacker can cause deleted messages groups to still be suggested as an autocompletion.


28) Information disclosure (CVE-ID: CVE-2020-9775)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper handling of tabs displaying picture in picture video. A remote attacker can cause a user's private browsing activity to be unexpectedly saved in Screen Time.


29) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-9781)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper website permission prompts after navigation. A remote authenticated attacker can grant website permissions to a site they didn't intend to.


30) Business Logic Errors (CVE-ID: CVE-2020-3888)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to logical errors. A remote attacker can use a specially crafted page to interfere with other web contexts.


Remediation

Install update from vendor's website.