Vulnerabilities > CVE-2020-3891 - Missing Authorization vulnerability in Apple Ipad OS and Iphone OS

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
apple
CWE-862

Summary

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.

Vulnerable Configurations

Part Description Count
OS
Apple
258

Common Weakness Enumeration (CWE)