Security Alert (A20-05-06): Multiple Vulnerabilities in Apple iOS and iPadOS


 

Published on: 27 May 2020

  
  

Description:

Apple has released iOS 12.4.7, iOS 13.5 and iPadOS 13.5 to fix multiple security vulnerabilities in various Apple devices. The list of vulnerability information can be found at:

  • https://support.apple.com/en-hk/HT211168
  • https://support.apple.com/en-hk/HT211169

 

Affected Systems:

  • iPhone 5s and later
  • iPad Air and later, iPad mini 2 and later
  • iPod touch 6th generation and iPod touch (7th generation)

 

Impact:

A successful attack could lead to arbitrary code execution, denial of service, data tampering, elevation of privilege, cross-site scripting, information disclosure, or security restrictions bypass.

 

Recommendation:

Apple has released new versions of iOS and iPadOS to address the issues on different Apple devices.

  • iOS 12.4.7 for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch 6th generation
  • iOS 13.5 and iPadOS 13.5 for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later and iPod touch 7th generation

The updates can be obtained through the auto-update mechanism.  Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://support.apple.com/en-us/HT211168
https://support.apple.com/en-us/HT211169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9789 (to CVE-2020-9795)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9805 (to CVE-2020-9809)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9811 (to CVE-2020-9816)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9818 (to CVE-2020-9821)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9825 (to CVE-2020-9827)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9837 (to CVE-2020-9839)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9842 (to CVE-2020-9844)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9852

 



Tag: Apple , iOS , iPhone , iPad , iPod , iPadOS
Tags