CVE-2020-3888: Medium severity ipados vulnerability

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-3888.

Q: What is the affected software?

The affected software is Apple iOS versions up to but not including 13.4 and Apple iPadOS versions up to but not including 13.4.

Q: What is the description of this vulnerability?

This vulnerability is a logic issue in a web app that has been addressed with improved restrictions.

Q: How can I fix this vulnerability?

To fix this vulnerability, update your Apple iOS and Apple iPadOS to version 13.4 or later.

Q: Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the Apple support website.

Published Mar 24, 2020

Updated

Web App. A logic issue was addressed with improved restrictions.

Other sources

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts.

Credit

Darren Jones(Dappological Ltd)

Affected Software

4 affected componentsFixes available

iPadOS<13.4

iPhone OS<13.4

Apple iOS and iPadOS<13.4

13.4

Apple iOS, iPadOS, and macOS<13.4

13.4

Event History

Apr 1, 2020

CVE Published

via MITRE·05:46 PM

Data Sourced

via MITRE·05:46 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT211102

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-3888.

What is the affected software?

The affected software is Apple iOS versions up to but not including 13.4 and Apple iPadOS versions up to but not including 13.4.

What is the description of this vulnerability?

This vulnerability is a logic issue in a web app that has been addressed with improved restrictions.

How can I fix this vulnerability?