CVE-2020-9794
moderate-risk
Published 2020-06-09
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.
Do I need to act?
-
0.96% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
NETWORK
/ LOW complexity
Affected Vendors
References (16)
Release Notes
https://support.apple.com/HT211168
Release Notes
https://support.apple.com/HT211170
Release Notes
https://support.apple.com/HT211171
Release Notes
https://support.apple.com/HT211175
Release Notes
https://support.apple.com/HT211178
Release Notes
https://support.apple.com/HT211179
Release Notes
https://support.apple.com/HT211181
Release Notes
https://support.apple.com/HT211168
Release Notes
https://support.apple.com/HT211170
Release Notes
https://support.apple.com/HT211171
Release Notes
https://support.apple.com/HT211175
Release Notes
https://support.apple.com/HT211178
Release Notes
https://support.apple.com/HT211179
Release Notes
https://support.apple.com/HT211181
45
/ 100
moderate-risk
Severity
28/34 · Critical
Exploitability
3/34 · Minimal
Exposure
14/34 · Moderate