CVE-2020-3885

MEDIUM

iOS <13.4 - Info Disclosure

Title source: llm

Description

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.

References (6)

[Release Notes, Vendor Advisory] https://support.apple.com/HT211102

[Release Notes, Vendor Advisory] https://support.apple.com/HT211101

[Release Notes, Vendor Advisory] https://support.apple.com/HT211104

[Release Notes, Vendor Advisory] https://support.apple.com/HT211105

[Release Notes, Vendor Advisory] https://support.apple.com/HT211106

[Release Notes, Vendor Advisory] https://support.apple.com/HT211107

Scores

CVSS v3 4.3

EPSS 0.0077

EPSS Percentile 73.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-670

Status published

Products (6)

apple/icloud < 7.18

apple/ipad_os < 13.4

apple/iphone_os < 13.4

apple/itunes < 12.10.5

apple/safari < 13.1

apple/tvos < 13.4

Published Apr 01, 2020

Tracked Since Feb 18, 2026