First published: Wed Jul 15 2020(Updated: )
ImageIO. An out-of-bounds read was addressed with improved input validation.
Credit: Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher Xingwei Lin AntXingwei Lin Antan anonymous researcher product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iCloud for Windows | <11.3 | 11.3 |
Apple iTunes for Windows | <12.10.8 | 12.10.8 |
Apple iCloud for Windows | <7.20 | 7.20 |
Apple macOS Catalina | <10.15.6 | 10.15.6 |
Apple Mojave | ||
Apple High Sierra | ||
Apple watchOS | <6.2.8 | 6.2.8 |
Apple tvOS | <13.4.8 | 13.4.8 |
Apple iOS | <13.6 | 13.6 |
Apple iPadOS | <13.6 | 13.6 |
Apple Icloud Windows | <7.20 | |
Apple Icloud Windows | >=10.0<11.3 | |
Apple Itunes Windows | <12.10.8 | |
Apple iPadOS | <13.6 | |
Apple iPhone OS | <13.6 | |
Apple Mac OS X | <10.15.6 | |
Apple tvOS | <13.4.8 | |
Apple watchOS | <6.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2020-9873 refers to an out-of-bounds read vulnerability in ImageIO that has been addressed with improved input validation.
CVE-2020-9873 affects various software including macOS Catalina, Mojave, High Sierra, iOS, iPadOS, watchOS, iCloud for Windows, tvOS, and iTunes for Windows.
To fix CVE-2020-9873, you should update the affected software to the specific recommended versions provided by Apple.
You can find more information about CVE-2020-9873 on the official Apple support page.
The CWE ID for CVE-2020-9873 is 20, which corresponds to the weakness category of Improper Input Validation.