CVE-2020-9775: About the security content of iOS 13.4 and iPadOS 13.4
An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user’s private browsing activity may be unexpectedly saved in Screen Time.
Released March 24, 2020
Accounts
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9772: Allison Husain of UC Berkeley
Entry added May 21, 2020
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: A logic issue was addressed with improved state management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University, Xinwen Fu and Yue Zhang of the University of Central Florida
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed. This issue was addressed with improved permission validation.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Setting an alternate app icon may disclose a photo without needing permission to access photos
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)
Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with system privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3919: Alex Plaskett of F-Secure Consulting
Entry updated May 21, 2020
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed with improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-3910: LGTM.com
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app switcher
Description: The issue was resolved by clearing application previews when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis
Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of a video file by Mail. The issue was fixed by selecting the latest version of a video.
CVE-2020-9777
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state management.
CVE-2020-3891: Peter Scott
Messages Composition
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Deleted message groups may still be suggested as an autocompletion
Description: The issue was addressed with improved deletion.
CVE-2020-3890: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A user’s private browsing activity may be unexpectedly saved in Screen Time
Description: An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling.
CVE-2020-9775: Andrian (@retroplasma), Marat Turaev, Marek Wawro (futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
Entry updated May 1, 2020
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A user may grant website permissions to a site they didn’t intend to
Description: The issue was addressed by clearing website permission prompts after navigation.
CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Sandbox
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2020-3918: an anonymous researcher, Augusto Alvarez of Outcourse Limited
Entry added May 1, 2020, updated May 21, 2020
Web App
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A maliciously crafted page may interfere with other web contexts
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3888: Darren Jones of Dappological Ltd.
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Some websites may not have appeared in Safari Preferences
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9787: Ryan Pickren (ryanpickren.com)
Entry added May 1, 2020
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
Description: An input validation issue was addressed with improved input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A download’s origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9783: Apple
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)