Vulnerability in Apple Icloud For Windows
CVE-2020-9876
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for…
EPSS: 0.007 (73.4th percentile) — read the EPSS interpretation.
Affected products
- Apple Icloud For Windows — versions unspecified
- Apple Icloud For Windows (Legacy) — versions unspecified
- Apple Ios — versions unspecified
- Apple Itunes For Windows — versions unspecified
- Apple Macos — versions unspecified
- Apple Tvos — versions unspecified
- Apple Watchos — versions unspecified
Public proof-of-concept exploits
References
- support.apple.com/kb/HT211843 (x_refsource_CONFIRM)
- support.apple.com/kb/HT211850 (x_refsource_CONFIRM)
- support.apple.com/kb/HT211844 (x_refsource_CONFIRM)
- support.apple.com/kb/HT211289 (x_refsource_MISC)
- support.apple.com/kb/HT211288 (x_refsource_MISC)
- support.apple.com/kb/HT211290 (x_refsource_MISC)
- support.apple.com/kb/HT211291 (x_refsource_MISC)
- support.apple.com/kb/HT211293 (x_refsource_MISC)
- support.apple.com/kb/HT211294 (x_refsource_MISC)
- support.apple.com/kb/HT211295 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-9876?
- CVE-2020-9876 is a vulnerability in Apple Icloud For Windows. Published 2020-10-22.
- Is CVE-2020-9876 known to be exploited?
- 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.