CVE-2020-3864

HIGH | Platform: iPadOS | Changelog

CVE Details

Description

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.

CVSS 3.1 Score

Metric	Value
Base Score	7.8 (HIGH)
Vector	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`

Weakness

CWE-346

References

Apple Security Advisory
NVD Entry
https://support.apple.com/en-us/HT210918 (Release Notes, Vendor Advisory)
https://support.apple.com/en-us/HT210920 (Release Notes, Vendor Advisory)
https://support.apple.com/en-us/HT210922 (Release Notes, Vendor Advisory)
https://support.apple.com/en-us/HT210923 (Release Notes, Vendor Advisory)
https://support.apple.com/en-us/HT210947 (Release Notes, Vendor Advisory)
https://support.apple.com/en-us/HT210948 (Release Notes, Vendor Advisory)