CVE-2020-9950: Use After Free
First published: Wed Sep 16 2020(Updated: )
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Credit: cc Trend Micro Zero Day Initiativecc Trend Micro Zero Day InitiativeMarcin 'Icewall' Noga Cisco Taloscc Trend Micro Zero Day Initiativecc Trend Micro Zero Day InitiativeMarcin 'Icewall' Noga Cisco Taloscc Trend Micro Zero Day Initiativecc Trend Micro Zero Day InitiativeMarcin 'Icewall' Noga Cisco Taloscc Trend Micro Zero Day Initiativecc Trend Micro Zero Day InitiativeMarcin 'Icewall' Noga Cisco Taloscc Trend Micro Zero Day Initiativecc Trend Micro Zero Day Initiative product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple tvOS | <14.0 | 14.0 |
| Apple watchOS | <7.0 | 7.0 |
| Apple Safari | <14.0 | 14.0 |
| Apple iOS | <14.0 | 14.0 |
| Apple iPadOS | <14.0 | 14.0 |
| Apple macOS Big Sur | <11.0.1 | 11.0.1 |
| Apple Safari | <14.0 | |
| Apple iPadOS | <14.0 | |
| Apple iPhone OS | <14.0 | |
| Apple tvOS | <14.0 | |
| Apple watchOS | <7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211843 (Advisory)
- https://support.apple.com/en-us/HT211844 (Advisory)
- https://support.apple.com/en-us/HT211845 (Advisory)
- https://support.apple.com/en-us/HT211850 (Advisory)
- https://support.apple.com/en-us/HT211931 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9993
- CVE-2020-9987
- CVE-2020-9948
- CVE-2020-9947
- CVE-2020-9950
- CVE-2020-9951
- CVE-2020-9952
- CVE-2020-9983
- CVE-2020-27914
- CVE-2020-27915
- CVE-2020-27903
- CVE-2020-27910
- CVE-2020-27916
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-27906
- CVE-2020-27945
- CVE-2020-27908
- CVE-2020-27909
- CVE-2020-9960
- CVE-2020-10017
- CVE-2020-9949
- CVE-2020-9897
- CVE-2020-9883
- CVE-2020-10003
- CVE-2020-27922
- CVE-2020-9999
- CVE-2020-27937
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-27894
- CVE-2020-36615
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29629
- CVE-2020-27942
- CVE-2020-9962
- CVE-2020-27952
- CVE-2020-9956
- CVE-2020-27931
- CVE-2020-27930
- CVE-2020-27927
- CVE-2020-29639
- CVE-2020-10002
- CVE-2020-9978
- CVE-2020-9955
- CVE-2020-27924
- CVE-2020-27912
- CVE-2020-27923
- CVE-2020-9876
- CVE-2020-10015
- CVE-2020-27897
- CVE-2020-27907
- CVE-2020-27919
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-27921
- CVE-2020-27904
- CVE-2019-14899
- CVE-2020-27950
- CVE-2020-9974
- CVE-2020-10016
- CVE-2020-27932
- CVE-2020-27917
- CVE-2020-27920
- CVE-2020-27911
- CVE-2020-9971
- CVE-2020-10014
- CVE-2020-10010
- CVE-2020-9941
- CVE-2020-9988
- CVE-2020-9989
- CVE-2020-10011
- CVE-2020-13524
- CVE-2020-10004
- CVE-2020-9996
- CVE-2020-27901
- CVE-2020-27900
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-10007
- CVE-2020-27896
- CVE-2020-9963
- CVE-2020-10012
- CVE-2020-10663
- CVE-2020-9945
- CVE-2020-9977
- CVE-2020-9942
- CVE-2021-1803
- CVE-2020-9969
- CVE-2020-27893
- CVE-2021-1755
- CVE-2020-10005
- CVE-2020-9991
- CVE-2020-9849
- CVE-2020-15358
- CVE-2020-13631
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-13630
- CVE-2020-27899
- CVE-2020-10009
- CVE-2020-10008
- CVE-2020-27918
- CVE-2020-27898
- CVE-2020-27935
- CVE-2020-10006
- CVE-2020-9954
- CVE-2020-36521
- CVE-2020-9961
- CVE-2020-9976
- CVE-2020-9981
- CVE-2020-9946
- CVE-2020-9968
- CVE-2020-9979
- CVE-2020-10013
- CVE-2020-9958
- CVE-2020-9773
- CVE-2020-9992
- CVE-2020-9964
- CVE-2020-13520
- CVE-2020-6147
- CVE-2020-9972
- CVE-2020-9973
- CVE-2020-9959
Frequently Asked Questions
What is CVE-2020-9950?
CVE-2020-9950 is a vulnerability in WebKit that allows for arbitrary code execution through processing maliciously crafted web content.
Which software products are affected by CVE-2020-9950?
CVE-2020-9950 affects Apple tvOS up to version 14.0, Apple macOS Big Sur up to version 11.0.1, Apple Safari up to version 14.0, Apple iOS up to version 14.0, Apple iPadOS up to version 14.0, and Apple watchOS up to version 7.0.
How can I fix the vulnerability in Apple tvOS?
To fix the vulnerability in Apple tvOS, update to version 14.0 or later.
How can I fix the vulnerability in Apple macOS Big Sur?
To fix the vulnerability in Apple macOS Big Sur, update to version 11.0.1 or later.
How can I fix the vulnerability in Apple Safari?
To fix the vulnerability in Apple Safari, update to version 14.0 or later.
How can I fix the vulnerability in Apple iOS?
To fix the vulnerability in Apple iOS, update to version 14.0 or later.
How can I fix the vulnerability in Apple iPadOS?
To fix the vulnerability in Apple iPadOS, update to version 14.0 or later.
How can I fix the vulnerability in Apple watchOS?
To fix the vulnerability in Apple watchOS, update to version 7.0 or later.
Where can I find more information about CVE-2020-9950?
You can find more information about CVE-2020-9950 on the Apple Support website. Here are some references: [link1], [link2], [link3].
- collector/apple-support
- alias/CVE-2020-9950
- alias/CVE-2020-9951
- agent/type
- agent/first-publish-date
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple safari
- canonical/apple macos big sur
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- canonical/apple ipados
- canonical/apple iphone os