Published on: 29 January 2020
Apple has released iOS 13.3.1 and iPadOS 13.3.1 to fix multiple security vulnerabilities in various Apple devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted application or image, load a maliciously crafted VPN configuration file, or answer a FaceTime call. An attacker with physical access could also bypass the lock screen to access saved contacts.
A successful attack could lead to arbitrary code execution, information disclosure, elevation of privilege or system corruption.
Apple has released iOS 13.3.1 and iPadOS 13.3.1 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://support.apple.com/en-us/HT210918
https://www.hkcert.org/my_url/en/alert/20012901
https://www.us-cert.gov/ncas/current-activity/2020/01/28/apple-releases-multiple-security-updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3836 (to CVE-2020-3838)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3840 (to CVE-2020-3842)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3856 (to CVE-2020-3860)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3872 (to CVE-2020-3875)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3878