CVE-2020-9890
First published: Wed Jul 15 2020(Updated: )
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.
Credit: JunDong Xie Xingwei Lin AntJunDong Xie Xingwei Lin AntJunDong Xie Xingwei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin AntJunDong Xie XingWei Lin Ant product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <13.6 | 13.6 |
| Apple iPadOS | <13.6 | 13.6 |
| Apple tvOS | <13.4.8 | 13.4.8 |
| Apple watchOS | <6.2.8 | 6.2.8 |
| Apple iPadOS | <13.6 | |
| Apple iPhone OS | <13.6 | |
| Apple Mac OS X | <10.15.6 | |
| Apple tvOS | <13.4.8 | |
| Apple watchOS | <6.2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211288 (Advisory)
- https://support.apple.com/en-us/HT211289 (Advisory)
- https://support.apple.com/en-us/HT211290 (Advisory)
- https://support.apple.com/en-us/HT211291 (Advisory)
- https://support.apple.com/HT211288
- https://support.apple.com/HT211289
- https://support.apple.com/HT211290
- https://support.apple.com/HT211291
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9888
- CVE-2020-9890
- CVE-2020-9891
- CVE-2020-9884
- CVE-2020-9889
- CVE-2020-9907
- CVE-2020-9931
- CVE-2020-9934
- CVE-2020-9883
- CVE-2020-9865
- CVE-2020-9900
- CVE-2020-9980
- CVE-2020-9933
- CVE-2020-9914
- CVE-2020-27933
- CVE-2020-11758
- CVE-2020-11759
- CVE-2020-11760
- CVE-2020-11761
- CVE-2020-11762
- CVE-2020-11763
- CVE-2020-11764
- CVE-2020-11765
- CVE-2020-9871
- CVE-2020-9872
- CVE-2020-9874
- CVE-2020-9879
- CVE-2020-9936
- CVE-2020-9937
- CVE-2020-9919
- CVE-2020-9876
- CVE-2020-9873
- CVE-2020-9938
- CVE-2020-9984
- CVE-2020-9877
- CVE-2020-9875
- CVE-2020-9923
- CVE-2019-14899
- CVE-2020-9909
- CVE-2020-9904
- CVE-2020-9863
- CVE-2020-9892
- CVE-2020-9902
- CVE-2020-9905
- CVE-2020-9926
- CVE-2019-19906
- CVE-2020-9920
- CVE-2020-9885
- CVE-2020-9878
- CVE-2020-9881
- CVE-2020-9882
- CVE-2020-9940
- CVE-2020-9985
- CVE-2020-9880
- CVE-2020-9903
- CVE-2020-9911
- CVE-2020-9868
- CVE-2020-9901
- CVE-2020-9898
- CVE-2020-9894
- CVE-2020-9915
- CVE-2020-9893
- CVE-2020-9895
- CVE-2020-9925
- CVE-2020-9910
- CVE-2020-9916
- CVE-2020-9862
- CVE-2020-6514
- CVE-2020-9918
- CVE-2020-9906
- CVE-2020-9917
- CVE-2020-9927
- CVE-2020-9928
- CVE-2020-9929
- CVE-2020-9870
- CVE-2020-9866
- CVE-2020-9869
- CVE-2020-9949
- CVE-2020-9799
- CVE-2020-9913
- CVE-2020-9887
- CVE-2020-9908
- CVE-2020-9990
- CVE-2020-9921
- CVE-2020-9924
- CVE-2020-9997
- CVE-2020-9994
- CVE-2020-9935
- CVE-2020-9922
- CVE-2020-12243
- CVE-2020-10878
- CVE-2020-12723
- CVE-2014-9512
- CVE-2020-9930
- CVE-2020-9939
- CVE-2020-9864
- CVE-2020-9854
- CVE-2019-20807
- CVE-2020-9899
Frequently Asked Questions
What is CVE-2020-9890?
CVE-2020-9890 is a vulnerability in Apple macOS, iOS, iPadOS, watchOS, and tvOS that allows for an out-of-bounds read.
How does CVE-2020-9890 affect Apple devices?
CVE-2020-9890 affects Apple devices running macOS Catalina, Mojave, High Sierra, iOS, iPadOS, watchOS, and tvOS.
What is the severity of CVE-2020-9890?
The severity of CVE-2020-9890 is not specified.
How is CVE-2020-9890 fixed?
CVE-2020-9890 can be fixed by updating Apple devices to the specified versions: macOS Catalina 10.15.6, iOS and iPadOS 13.6, watchOS 6.2.8, and tvOS 13.4.8.
Where can I find more information about CVE-2020-9890?
More information about CVE-2020-9890 can be found on the official Apple support webpage: [URL].
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- alias/CVE-2020-9890
- alias/CVE-2020-9891
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple ios
- canonical/apple ipados
- canonical/apple macos catalina
- canonical/apple mojave
- canonical/apple high sierra
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple iphone os
- canonical/apple mac os x