CVE-2020-9876
Last modified
CVE-2020-9876 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. EPSS estimates a 1.95% chance of exploitation in the next 30 days.
Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Icloud | < 7.20 |
| Apple | Icloud | >= 10.0, < 11.5 |
| Apple | Itunes | < 12.10.9 |
| Apple | Ipados | < 14.0 |
| Apple | Iphone Os | < 14.0 |
| Apple | Mac Os X | >= 10.13, < 10.13.6 |
| Apple | Mac Os X | >= 10.14, < 10.14.6 |
| Apple | Mac Os X | >= 10.15, < 10.15.6 |
| Apple | Mac Os X | 10.13.6 |
| Apple | Mac Os X | 10.14.6 |
| Apple | Macos | >= 11.0, <= 11.0.1 |
| Apple | Tvos | < 14.0 |
| Apple | Watchos | < 7.0 |
References
- http://seclists.org/fulldisclosure/2020/Dec/32Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2020/Nov/19Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2020/Nov/20Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2020/Nov/22Mailing List, Third Party Advisory
- https://support.apple.com/kb/HT211288Vendor Advisory
- https://support.apple.com/kb/HT211289Vendor Advisory
- https://support.apple.com/kb/HT211290Vendor Advisory
- https://support.apple.com/kb/HT211291Vendor Advisory
- https://support.apple.com/kb/HT211293Vendor Advisory
- https://support.apple.com/kb/HT211294Vendor Advisory
- https://support.apple.com/kb/HT211295Vendor Advisory
- https://support.apple.com/kb/HT211843Vendor Advisory
- https://support.apple.com/kb/HT211844Vendor Advisory
- https://support.apple.com/kb/HT211850Vendor Advisory
- https://support.apple.com/kb/HT211931Vendor Advisory
- https://support.apple.com/kb/HT211935Vendor Advisory
- https://support.apple.com/kb/HT211952Vendor Advisory
- http://seclists.org/fulldisclosure/2020/Dec/32Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2020/Nov/19Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2020/Nov/20Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2020/Nov/22Mailing List, Third Party Advisory
- https://support.apple.com/kb/HT211288Vendor Advisory
- https://support.apple.com/kb/HT211289Vendor Advisory
- https://support.apple.com/kb/HT211290Vendor Advisory
- https://support.apple.com/kb/HT211291Vendor Advisory
- https://support.apple.com/kb/HT211293Vendor Advisory
- https://support.apple.com/kb/HT211294Vendor Advisory
- https://support.apple.com/kb/HT211295Vendor Advisory
- https://support.apple.com/kb/HT211843Vendor Advisory
- https://support.apple.com/kb/HT211844Vendor Advisory
- https://support.apple.com/kb/HT211850Vendor Advisory
- https://support.apple.com/kb/HT211931Vendor Advisory
- https://support.apple.com/kb/HT211935Vendor Advisory
- https://support.apple.com/kb/HT211952Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-9876?
How severe is CVE-2020-9876?
How do I fix CVE-2020-9876?
Are you affected by CVE-2020-9876?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST