CVE-2020-9956: Input Validation
First published: Wed Sep 16 2020(Updated: )
FontParser. An out-of-bounds read was addressed with improved input validation.
Credit: Mickey Jin Junzhi Lu Trend Micro Mobile Security Research Team working with Trend MicroMickey Jin Junzhi Lu Trend Micro Mobile Security Research Team working with Trend MicroMickey Jin Junzhi Lu Trend Micro Mobile Security Research Team working with Trend MicroMickey Jin Junzhi Lu Trend Micro Mobile Security Research Team working with Trend MicroMickey Jin Junzhi Lu Trend Micro Mobile Security Research Team working with Trend Micro product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple watchOS | <7.0 | 7.0 |
| Apple iPadOS | <14.0. | |
| Apple iPhone OS | <14.0 | |
| Apple Mac OS X | >=10.14<10.14.6 | |
| Apple Mac OS X | >=10.15<10.15.7 | |
| Apple Mac OS X | =10.14.6 | |
| Apple Mac OS X | =10.14.6-security_update_2019-001 | |
| Apple Mac OS X | =10.14.6-security_update_2019-002 | |
| Apple Mac OS X | =10.14.6-security_update_2020-001 | |
| Apple Mac OS X | =10.14.6-security_update_2020-002 | |
| Apple Mac OS X | =10.14.6-security_update_2020-003 | |
| Apple Mac OS X | =10.14.6-security_update_2020-004 | |
| Apple Mac OS X | =10.14.6-security_update_2020-005 | |
| Apple Mac OS X | =10.14.6-security_update_2020-006 | |
| Apple Mac OS X | =10.14.6-supplemental_update | |
| Apple Mac OS X | =10.14.6-supplemental_update_2 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-supplemental_update | |
| Apple macOS | >=11.0<11.1.0 | |
| Apple tvOS | <14.0 | |
| Apple watchOS | <7.0 | |
| Apple tvOS | <14.0 | 14.0 |
| Apple iOS | <14.0 | 14.0 |
| Apple iPadOS | <14.0 | 14.0 |
| Apple macOS | <11.0.1 | 11.0.1 |
| Apple macOS | <11.1 | 11.1 |
| Apple Catalina | ||
| Apple Mojave |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211843 (Advisory)
- https://support.apple.com/en-us/HT211844 (Advisory)
- https://support.apple.com/en-us/HT211850 (Advisory)
- https://support.apple.com/en-us/HT211931 (Advisory)
- https://support.apple.com/en-us/HT212011 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-9960
- CVE-2020-9954
- CVE-2020-9949
- CVE-2020-9999
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-29629
- CVE-2020-9956
- CVE-2020-9962
- CVE-2020-27931
- CVE-2020-29639
- CVE-2020-9978
- CVE-2020-36521
- CVE-2020-9961
- CVE-2020-9876
- CVE-2020-9955
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-9976
- CVE-2020-9981
- CVE-2020-9971
- CVE-2020-9941
- CVE-2020-9989
- CVE-2020-9946
- CVE-2020-9993
- CVE-2020-9969
- CVE-2020-9968
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-9991
- CVE-2020-15358
- CVE-2020-9849
- CVE-2020-13631
- CVE-2020-13630
- CVE-2020-9947
- CVE-2020-9950
- CVE-2020-9951
- CVE-2020-9983
- CVE-2020-9952
- CVE-2020-9979
- CVE-2020-10013
- CVE-2020-9958
- CVE-2020-9773
- CVE-2020-9992
- CVE-2020-9964
- CVE-2019-14899
- CVE-2020-9988
- CVE-2020-13520
- CVE-2020-6147
- CVE-2020-9972
- CVE-2020-9973
- CVE-2020-9996
- CVE-2020-9963
- CVE-2020-9977
- CVE-2020-9959
- CVE-2020-27914
- CVE-2020-27915
- CVE-2020-27903
- CVE-2020-27910
- CVE-2020-27916
- CVE-2020-27906
- CVE-2020-27945
- CVE-2020-27908
- CVE-2020-27909
- CVE-2020-10017
- CVE-2020-9897
- CVE-2020-9883
- CVE-2020-10003
- CVE-2020-27922
- CVE-2020-27937
- CVE-2020-27894
- CVE-2020-36615
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-27942
- CVE-2020-27952
- CVE-2020-27930
- CVE-2020-27927
- CVE-2020-10002
- CVE-2020-27924
- CVE-2020-27912
- CVE-2020-27923
- CVE-2020-10015
- CVE-2020-27897
- CVE-2020-27907
- CVE-2020-27919
- CVE-2020-27921
- CVE-2020-27904
- CVE-2020-27950
- CVE-2020-9974
- CVE-2020-10016
- CVE-2020-27932
- CVE-2020-27917
- CVE-2020-27920
- CVE-2020-27911
- CVE-2020-10014
- CVE-2020-10010
- CVE-2020-10011
- CVE-2020-13524
- CVE-2020-10004
- CVE-2020-27901
- CVE-2020-27900
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-10007
- CVE-2020-27896
- CVE-2020-10012
- CVE-2020-10663
- CVE-2020-9945
- CVE-2020-9942
- CVE-2020-9987
- CVE-2021-1803
- CVE-2020-27893
- CVE-2021-1755
- CVE-2020-10005
- CVE-2020-27899
- CVE-2020-10009
- CVE-2020-10008
- CVE-2020-27918
- CVE-2020-27898
- CVE-2020-27935
- CVE-2020-10006
- CVE-2020-27936
- CVE-2020-27941
- CVE-2020-29621
- CVE-2020-29610
- CVE-2020-27948
- CVE-2020-10001
- CVE-2020-27946
- CVE-2020-27943
- CVE-2020-27944
- CVE-2020-29624
- CVE-2020-29608
- CVE-2020-27947
- CVE-2020-29612
- CVE-2020-27939
- CVE-2020-29625
- CVE-2020-29615
- CVE-2020-29616
- CVE-2020-29618
- CVE-2020-29611
- CVE-2020-29617
- CVE-2020-29619
- CVE-2020-27949
- CVE-2020-29620
- CVE-2020-27926
- CVE-2020-29633
- CVE-2020-29614
- CVE-2020-27938
- CVE-2020-29623
- CVE-2020-15969
Frequently Asked Questions
What is CVE-2020-9956?
CVE-2020-9956 is a vulnerability in FontParser that allows for an out-of-bounds read.
How does CVE-2020-9956 affect Apple devices?
CVE-2020-9956 affects Apple devices running tvOS up to version 14.0, iOS up to version 14.0, iPadOS up to version 14.0, watchOS up to version 7.0, macOS Big Sur up to version 11.0.1, macOS Big Sur up to version 11.1, Catalina, and Mojave.
What is the severity of CVE-2020-9956?
The severity of CVE-2020-9956 is not mentioned in the provided information.
How can I fix CVE-2020-9956?
To fix CVE-2020-9956, update your Apple device to the latest available version of the affected software.
Where can I find more information about CVE-2020-9956?
You can find more information about CVE-2020-9956 at the following references: [Reference 1](https://support.apple.com/en-us/HT211843), [Reference 2](https://support.apple.com/en-us/HT212011), and [Reference 3](https://support.apple.com/en-us/HT211844).
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- vendor/apple
- canonical/apple watchos
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple mac os x
- version/apple mac os x/10.14
- version/apple mac os x/10.15
- version/apple mac os x/10.14.6
- version/apple mac os x/10.14.6-security_update_2019-001
- version/apple mac os x/10.14.6-security_update_2019-002
- version/apple mac os x/10.14.6-security_update_2020-001
- version/apple mac os x/10.14.6-security_update_2020-002
- version/apple mac os x/10.14.6-security_update_2020-003
- version/apple mac os x/10.14.6-security_update_2020-004
- version/apple mac os x/10.14.6-security_update_2020-005
- version/apple mac os x/10.14.6-security_update_2020-006
- version/apple mac os x/10.14.6-supplemental_update
- version/apple mac os x/10.14.6-supplemental_update_2
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-supplemental_update
- canonical/apple macos
- version/apple macos/11.0
- canonical/apple tvos
- canonical/apple ios
- canonical/apple catalina
- canonical/apple mojave