Security Alert (A20-03-08): Multiple Vulnerabilities in Apple iOS and iPadOS


 

Published on: 25 March 2020

  
  

Description:

Apple has released iOS 13.4 and iPadOS 13.4 to fix multiple security vulnerabilities in various Apple devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted application or website. An attacker may also bypass the lock screen to respond to messages with physical access or intercept Bluetooth traffic in a privileged network position.

 

Affected Systems:

  • iPhone 6s and later
  • iPad Air 2 and later, mini 4 and later
  • iPod touch (7th generation)

 

Impact:

A successful attack could lead to arbitrary code execution, elevation of privilege, cross-site scripting, information disclosure or system corruption.

 

Recommendation:

Apple has released iOS 13.4 and iPadOS 13.4 to address the issues.

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://support.apple.com/en-us/HT211102
https://www.hkcert.org/my_url/en/alert/20032502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3895
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3899 (to CVE-2020-3902)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3909 (to CVE-2020-3911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9785

 



Tag: Apple , iOS , iPhone , iPad , iPod , iPadOS
Tags