CVE-2020-9983
First published: Wed Sep 16 2020(Updated: )
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.
Credit: zhunki product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
| IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
| IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
| debian/webkit2gtk | 2.44.2-1~deb11u1 2.44.3-1~deb11u1 2.44.2-1~deb12u1 2.44.3-1~deb12u1 2.44.3-1 2.44.4-1 | |
| debian/wpewebkit | 2.38.6-1~deb11u1 2.38.6-1 2.44.3-1 2.44.4-1 | |
| tvOS | <14.0 | 14.0 |
| Apple Mobile Safari | <14.0 | 14.0 |
| Apple iOS, iPadOS, and watchOS | <14.0 | 14.0 |
| Apple iOS, iPadOS, and watchOS | <14.0 | 14.0 |
| Apple iOS, iPadOS, and watchOS | <7.0 | 7.0 |
| Apple iTunes | <12.10.9 | 12.10.9 |
| Apple iCloud | <11.5 | 11.5 |
| Apple iCloud for Windows | =11.5 | |
| Apple iTunes for Windows | =12.10.9 | |
| Apple Mobile Safari | <14.0 | |
| Apple iOS, iPadOS, and watchOS | <14.0 | |
| iOS | <14.0 | |
| tvOS | =14.0 | |
| Apple iOS, iPadOS, and watchOS | =7.0 | |
| Fedora | =32 | |
| Fedora | =33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211845 (Advisory)
- https://support.apple.com/en-us/HT211952 (Advisory)
- https://support.apple.com/en-us/HT211935 (Advisory)
- https://support.apple.com/HT211845
- https://support.apple.com/kb/HT211843
- https://support.apple.com/kb/HT211844
- https://support.apple.com/kb/HT211850
- https://support.apple.com/kb/HT211952
- http://seclists.org/fulldisclosure/2020/Nov/20
- http://seclists.org/fulldisclosure/2020/Nov/19
- http://seclists.org/fulldisclosure/2020/Nov/18
- http://seclists.org/fulldisclosure/2020/Nov/22
- http://www.openwall.com/lists/oss-security/2020/11/23/3
- https://www.debian.org/security/2020/dsa-4797
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/
- https://support.apple.com/kb/HT211935
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/
- https://security.gentoo.org/glsa/202012-10
- https://launchpad.net/bugs/cve/CVE-2020-9983
- https://support.apple.com/en-us/HT211844 (Advisory)
- https://support.apple.com/en-us/HT211843 (Advisory)
- https://support.apple.com/en-us/HT211850 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/188412
- https://www.ibm.com/support/pages/node/6493729 (Advisory)
- https://webkitgtk.org/security/WSA-2020-0008.html
- https://security-tracker.debian.org/tracker/CVE-2020-9983
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9983
- https://nvd.nist.gov/vuln/detail/CVE-2020-9983
- https://ubuntu.com/security/CVE-2020-9983
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9979
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-9960
- CVE-2020-9954
- CVE-2020-9949
- CVE-2020-9999
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-29629
- CVE-2020-9956
- CVE-2020-9962
- CVE-2020-27931
- CVE-2020-29639
- CVE-2020-9978
- CVE-2020-36521
- CVE-2020-9961
- CVE-2020-9955
- CVE-2020-9876
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-9976
- CVE-2020-9981
- CVE-2020-9971
- CVE-2020-9969
- CVE-2020-9968
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-9991
- CVE-2020-15358
- CVE-2020-13631
- CVE-2020-9849
- CVE-2020-13630
- CVE-2020-9947
- CVE-2020-9950
- CVE-2020-9951
- CVE-2020-9983
- CVE-2020-9952
- CVE-2020-10013
- CVE-2020-9993
- CVE-2020-9987
- CVE-2020-9948
- CVE-2020-9958
- CVE-2020-9773
- CVE-2020-9992
- CVE-2020-9964
- CVE-2019-14899
- CVE-2020-9941
- CVE-2020-9988
- CVE-2020-9989
- CVE-2020-13520
- CVE-2020-6147
- CVE-2020-9972
- CVE-2020-9973
- CVE-2020-9996
- CVE-2020-9946
- CVE-2020-9963
- CVE-2020-9977
- CVE-2020-9959
- CVE-2020-10002
- CVE-2020-27912
- CVE-2020-27917
- CVE-2020-27911
- CVE-2020-27918
Frequently Asked Questions
What is CVE-2020-9983?
CVE-2020-9983 is a vulnerability in WebKit that allows an attacker to perform an out-of-bounds write.
What is the severity of CVE-2020-9983?
The severity of CVE-2020-9983 is not specified in the provided information.
Which software is affected by CVE-2020-9983?
CVE-2020-9983 affects Apple tvOS 14.0, Apple Safari 14.0, Apple iOS 14.0, Apple iPadOS 14.0, Apple watchOS 7.0, Apple iCloud for Windows 11.5, and Apple iTunes for Windows 12.10.9.
How can I fix CVE-2020-9983?
To fix CVE-2020-9983, update your affected software to the recommended versions provided by Apple.
Where can I find more information about CVE-2020-9983?
You can find more information about CVE-2020-9983 on the Apple support page: [https://support.apple.com/en-us/HT211845](https://support.apple.com/en-us/HT211845)
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- vendor/ibm
- canonical/ibm cloud pak for security (cp4s)
- version/ibm cloud pak for security (cp4s)/1.7.2.0
- version/ibm cloud pak for security (cp4s)/1.7.1.0
- version/ibm cloud pak for security (cp4s)/1.7.0.0
- package-manager/debian
- vendor/apple
- canonical/tvos
- canonical/apple mobile safari
- canonical/apple ios, ipados, and watchos
- canonical/apple itunes
- canonical/apple icloud
- canonical/apple icloud for windows
- version/apple icloud for windows/11.5
- canonical/apple itunes for windows
- version/apple itunes for windows/12.10.9
- canonical/ios
- version/tvos/14.0
- version/apple ios, ipados, and watchos/7.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/32
- version/fedora/33