Vulnerabilities > CVE-2020-9889 - Out-of-bounds Write vulnerability in Apple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://support.apple.com/HT211288
- https://support.apple.com/HT211288
- https://support.apple.com/HT211289
- https://support.apple.com/HT211289
- https://support.apple.com/HT211290
- https://support.apple.com/HT211290
- https://support.apple.com/HT211291
- https://support.apple.com/HT211291
- https://www.zerodayinitiative.com/advisories/ZDI-20-1391/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1391/