CVE-2020-9784: Medium severity safari vulnerability

Q: What is CVE-2020-9784?

CVE-2020-9784 is a vulnerability in Safari Downloads that allows for a logic issue to occur due to insufficient restrictions.

Q: What software is affected by CVE-2020-9784?

Safari version up to but excluding 13.1 is affected by CVE-2020-9784.

Q: How does CVE-2020-9784 affect Safari Downloads?

CVE-2020-9784 addresses a logic issue in Safari Downloads with improved restrictions to prevent exploitation.

Q: What is the severity of CVE-2020-9784?

The severity of CVE-2020-9784 is not provided in the information.

Q: How can I fix CVE-2020-9784?

To fix CVE-2020-9784, update Safari to version 13.1 or later as per the remedy provided by Apple.

Published Mar 24, 2020

Updated

A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.

Other sources

Safari Downloads. A logic issue was addressed with improved restrictions.

Credit

Ruilin Yang(Tencent Security Xuanwu Lab), Ryan Pickren (ryanpickren.com)

Affected Software

2 affected componentsFixes available

Safari<13.1

13.1

Safari<13.1

Event History

Apr 1, 2020

CVE Published

via MITRE·05:56 PM

Data Sourced

via MITRE·05:56 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT211104

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2020-9784?

CVE-2020-9784 is a vulnerability in Safari Downloads that allows for a logic issue to occur due to insufficient restrictions.

What software is affected by CVE-2020-9784?