Description
This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network.
Exploits (1)
References (3)
Core 3
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/HT211850
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/HT211848
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/20
Scores
CVSS v3
7.8
EPSS
0.0418
EPSS Percentile
88.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (3)
apple/ipados
< 14.0
apple/iphone_os
< 14.0
apple/xcode
< 12.0
Published
Oct 16, 2020
Tracked Since
Feb 18, 2026