CVE-2020-9838: Critical severity apple ios and ipados vulnerability

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-9838.

Q: What is the title of this vulnerability?

The title of this vulnerability is 'Bluetooth. An out-of-bounds read was addressed with improved bounds checking.'

Q: What is the affected software?

The affected software is Apple iOS and Apple iPadOS versions up to, but not including, 13.5.

Q: How was the vulnerability addressed?

The vulnerability was addressed with improved bounds checking.

Q: Where can I find more information?

You can find more information on this vulnerability at 'https://support.apple.com/en-us/HT211168'.

Published May 20, 2020

Updated

Bluetooth. An out-of-bounds read was addressed with improved bounds checking.

Other sources

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution.

Credit

Dennis Heinze@@ttdennis(TU Darmstadt), Secure Mobile Networking Lab

Affected Software

4 affected componentsFixes available

Apple iOS and iPadOS<13.5

13.5

Apple iOS, iPadOS, and macOS<13.5

13.5

Apple iOS, iPadOS, and macOS<13.5

iPhone OS<13.5

Event History

Jun 9, 2020

CVE Published

via MITRE·04:16 PM

Data Sourced

via MITRE·04:16 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT211168

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-9838.

What is the title of this vulnerability?

The title of this vulnerability is 'Bluetooth. An out-of-bounds read was addressed with improved bounds checking.'

What is the affected software?

The affected software is Apple iOS and Apple iPadOS versions up to, but not including, 13.5.

How was the vulnerability addressed?