Apple discloses 30 vulnerabilities In the past days, iOS 13.4 version has appeared with many innovations and improvements. The reason for Apple users to upgrade their devices to this version is not just innovations and improvements. Security vulnerabilities are discussed with each new update. This time, however, vulnerabilities were officially disclosed, and they were cited as a reason to upgrade. Apple has confirmed 30 vulnerabilities and identified these vulnerabilities. CVE-2020-3917 Action Kit – “An application can use an SSH client provided by custom frameworks.” CVE-2020-3883 Apple Mobile File Integrity – “An application can use optional privileges.” CVE-2020-9770 Bluetooth – “An attacker in a privileged network location can catch Bluetooth traffic.” CVE-2020-3913 Core Foundation – “A malicious application can increase privileges.” CVE-2020-3916 Icons – “Setting up an alternative app icon can reveal a photo without needing permission to access the photos.” CVE-2020-9773 Icons – “A malicious application can determine what other applications a user has installed” CVE-2020-9768 Image Processing – “An application can execute arbitrary code with system privileges.” CVE-2020-3919 IOHID Family – “A malicious application can execute arbitrary code with kernel privileges.” CVE-2020-3914 Kernel – “An application can read limited memory.” CVE-2020-9785 Kernel – “A malicious application can execute arbitrary code with kernel privileges.” CVE-2020-3909 and CVE-2020-3911 libxml2 – “Multiple issues in libxml2” CVE-2020-9780 Mail – “A local user can view deleted content in the app switcher.” CVE-2020-9777 Mail Attachments – “Clipped videos may not be shared properly via Mail.” CVE-2020-3891 Messages – “A person with physical access to a locked iOS device can reply to messages even if the responses are disabled.” CVE-2020-3890 Message Composition – “Deleted message groups can still be recommended as autocomplete.” CVE-2020-9775 Safari – “A user’s private browsing event can be unexpectedly saved on Screen Time.” CVE-2020-9781 Safari – “A user can give website permissions to a site he doesn’t want.” CVE-2020-3888 Web Application – “A maliciously crafted page may conflict with other web contexts.” CVE-2020-3894 WebKit – “An application can read limited memory.” CVE-2020-3899 WebKit – “A remote attacker could cause random code execution.” CVE-2020-3902 WebKit – “Processing maliciously crafted web content can cause cross-site scripting attacks.” CVE-2020-3895 and CVE-2020-3900 WebKit – “Handling maliciously crafted web content may result in random code execution.” CVE-2020-3901 WebKit – “Handling maliciously crafted web content may result in random code execution.” CVE-2020-3887 WebKit – “The source of a download may be incorrectly associated.” CVE-2020-9783 WebKit – “Handling maliciously crafted web content may result in code execution.” CVE-2020-3897 WebKit – “A remote attacker could cause arbitrary code execution.” CVE-2020-3885 WebKit Page Load – “A file URL may have been rendered incorrectly.”
