First published: Wed Jul 15 2020(Updated: )
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
Credit: JunDong Xie Xingwei Lin AntJunDong Xie Xingwei Lin AntJunDong Xie Xingwei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin Ant product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iOS | <13.6 | 13.6 |
Apple iPadOS | <13.6 | 13.6 |
Apple tvOS | <13.4.8 | 13.4.8 |
Apple watchOS | <6.2.8 | 6.2.8 |
Apple iPadOS | <13.6 | |
Apple iPhone OS | <13.6 | |
Apple Mac OS X | <10.15.6 | |
Apple tvOS | <13.4.8 | |
Apple watchOS | <6.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2020-9890 is a vulnerability in Apple macOS, iOS, iPadOS, watchOS, and tvOS that allows for an out-of-bounds read.
CVE-2020-9890 affects Apple devices running macOS Catalina, Mojave, High Sierra, iOS, iPadOS, watchOS, and tvOS.
The severity of CVE-2020-9890 is not specified.
CVE-2020-9890 can be fixed by updating Apple devices to the specified versions: macOS Catalina 10.15.6, iOS and iPadOS 13.6, watchOS 6.2.8, and tvOS 13.4.8.
More information about CVE-2020-9890 can be found on the official Apple support webpage: [URL].