Home

CVE-2020-9789

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.342

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Apple iTunes (X64) (12.10.7.3)Windows
Multiple vulnerabilities fixed in Apple iTunes (12.10.7.3)Windows
Multiple vulnerabilities fixed in iCloud 11.2Windows
Multiple vulnerabilities fixed in iCloud 7.19Windows
Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.9.6Windows
Multiple Vulnerabilities are affected in Apple iTunes 12.9.6Windows
Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.10.6Windows
Multiple Vulnerabilities are affected in Apple iTunes 12.10.6Windows
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.5Mac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.5 Combo UpdateMac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.5 (Deployment-Only)Mac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.5 Combo Update (Deployment-Only)Mac
Multiple Vulnerabilities are affected in Apple iTunes For Mac 12.10.5Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-314350Apple iTunes (X64) (12.10.7.3)
PATCH-314349Apple iTunes (12.10.7.3)
PATCH-316162iCloud (7.21.0.23) (Deployment-Only)
PATCH-314442iCloud (7.19.0.10)
PATCH-310919Apple iTunes (X64) (12.10.0.7)
PATCH-310917Apple iTunes (12.10.0.7)
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot
PATCH-602736MacOS Catalina 10.15.5 (Deployment-Only)
PATCH-602738macOS Catalina 10.15.5 Combo Update (Deployment-Only)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234