What is CVE-2020-9895?

CVE-2020-9895 is a vulnerability in Apple Icloud For Windows. Published 2020-10-16.

Is CVE-2020-9895 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Icloud For Windows

CVE-2020-9895

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20…

EPSS: 0.017 (82.7th percentile) — read the EPSS interpretation.

Affected products

Apple Icloud For Windows — versions unspecified
Apple Icloud For Windows (Legacy) — versions unspecified
Apple Ios — versions unspecified
Apple Itunes For Windows — versions unspecified
Apple Safari — versions unspecified
Apple Tvos — versions unspecified
Apple Watchos — versions unspecified

Public proof-of-concept exploits

sslab-gatech/freedom

References

support.apple.com/HT211288 (x_refsource_MISC)
support.apple.com/HT211290 (x_refsource_MISC)
support.apple.com/HT211291 (x_refsource_MISC)
support.apple.com/HT211292 (x_refsource_MISC)
support.apple.com/HT211293 (x_refsource_MISC)
support.apple.com/HT211294 (x_refsource_MISC)
support.apple.com/HT211295 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-9895?: CVE-2020-9895 is a vulnerability in Apple Icloud For Windows. Published 2020-10-16.
Is CVE-2020-9895 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.