Description
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
References (13)
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211843
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211850
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211844
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/HT211845
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211952
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/18
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/19
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/20
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/22
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/11/23/3
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4797
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211935
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202012-10
Scores
CVSS v3
8.8
EPSS
0.0224
EPSS Percentile
80.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (9)
apple/icloud
< 11.5
apple/ipados
< 14.0
apple/iphone_os
< 14.0
apple/itunes
< 12.10.9
apple/safari
< 14.0
apple/tvos
< 14.0
apple/watchos
< 7.0
debian/debian_linux
10.0
webkit/webkitgtk\+
< 2.30.3
Published
Oct 16, 2020
Tracked Since
Feb 18, 2026