First published: Tue Jan 28 2020(Updated: )
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
Credit: Proteas Qihoo 360 Nirvan TeamProteas Qihoo 360 Nirvan Team product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iOS | <13.3.1 | 13.3.1 |
Apple iPadOS | <13.3.1 | 13.3.1 |
Apple watchOS | <6.1.2 | 6.1.2 |
Apple iPadOS | <13.3.1 | |
Apple iPhone OS | <13.3.1 | |
Apple watchOS | <6.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2020-3860 is a kernel memory corruption issue addressed with improved input validation.
The software affected by CVE-2020-3860 are Apple watchOS 6.1.2, Apple iOS up to and excluding 13.3.1, and Apple iPadOS up to and excluding 13.3.1.
The severity of CVE-2020-3860 is not specified.
To fix CVE-2020-3860, update your Apple watchOS to version 6.1.2, iOS to a version later than 13.3.1, or iPadOS to a version later than 13.3.1.
You can find more information about CVE-2020-3860 on the Apple support website using the following links: [support.apple.com/en-us/HT210921](https://support.apple.com/en-us/HT210921) and [support.apple.com/en-us/HT210918](https://support.apple.com/en-us/HT210918).