CVE-2020-9951

HIGH

iCloud < 11.5 - Use-After-Free

Title source: llm

Description

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.

References (13)

Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211843
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211850
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211844
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/HT211845
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211952
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/18
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/19
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/20
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/22
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/11/23/3
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4797
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211935
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202012-10

Scores

CVSS v3 8.8
EPSS 0.0224
EPSS Percentile 80.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (9)
apple/icloud < 11.5
apple/ipados < 14.0
apple/iphone_os < 14.0
apple/itunes < 12.10.9
apple/safari < 14.0
apple/tvos < 14.0
apple/watchos < 7.0
debian/debian_linux 10.0
webkit/webkitgtk+ < 2.30.3
Published Oct 16, 2020
Tracked Since Feb 18, 2026