Released January 28, 2020

Audio

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team

FaceTime

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote FaceTime user may be able to cause the local user's camera self-view to display the incorrect camera

Description: An issue existed in the handling of the local user's self-view. The issue was corrected with improved logic.

CVE-2020-3869: Elisa Lee

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3826: Samuel Groß of Google Project Zero

CVE-2020-3870

CVE-2020-3878: Samuel Groß of Google Project Zero

CVE-2020-3880: Samuel Groß of Google Project Zero

Entry updated April 4, 2020

IOAcceleratorFamily

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3837: Brandon Azad of Google Project Zero

IOUSBDeviceFamily

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington

Entry added June 22, 2020

IPSec

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution

Description: An off-by-one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking.

CVE-2020-3840: @littlelailo

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-3875: Brandon Azad of Google Project Zero

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to read restricted memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-3872: Haakon Garseg Mørk of Cognite and Cim Stordal of Cognite

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to determine kernel memory layout

Description: An access issue was addressed with improved memory management.

CVE-2020-3836: Brandon Azad of Google Project Zero

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3842: Ned Williamson working with Google Project Zero

CVE-2020-3858: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., Luyi Xing of Indiana University Bloomington

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2020-3831: Chilik Tamir of Zimperium zLabs, Corellium, Proteas of Qihoo 360 Nirvan Team

Entry updated March 19, 2020

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-3853: Brandon Azad of Google Project Zero

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3860: Proteas of Qihoo 360 Nirvan Team

libxml2

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-3846: Ranier Vilela

Entry added January 29, 2020

libxpc

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted string may lead to heap corruption

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3856: Ian Beer of Google Project Zero

libxpc

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-3829: Ian Beer of Google Project Zero

Mail

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Turning off "Load remote content in messages" may not apply to all mail previews

Description: This issue was addressed with improved setting propagation.

CVE-2020-3873: Alexander Heinrich (@Sn0wfreeze) of Technische Universität Darmstadt, Hudson Pridham of Bridgeable, Stuart Chapman

Entry updated March 19, 2020

Messages

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2020-3859: Andrew Gonzalez, Simone PC

Entry updated January 29, 2020

Messages

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Users removed from an iMessage conversation may still be able to alter state

Description: This issue was addressed with improved checks.

CVE-2020-3844: Ayden Panhuyzen (@aydenpanhuyzen) and Jamie Bishop (@jamiebishop123) of Dynastic, Lance Rodgers of Oxon Hill High School

Entry updated January 29, 2020

Phone

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen

Description: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.

CVE-2020-3828: an anonymous researcher

Safari Login AutoFill

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A local user may unknowingly send a password unencrypted over the network

Description: The issue was addressed with improved UI handling.

CVE-2020-3841: Sebastian Bicchi (@secresDoge) from Sec-Research

Screenshots

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Screenshots of the Messages app may reveal additional message content

Description: An issue existed in the naming of screenshots. The issue was corrected with improved naming.

CVE-2020-3874: Nicolas Luckie of Durham College

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious website may be able to cause a denial of service

Description: A denial of service issue was addressed with improved memory handling.

CVE-2020-3862: Srikanth Gatta of Google Chrome

Entry added January 29, 2020

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2020-3825: Przemysław Sporysz of Euvic

CVE-2020-3868: Marcin Towalski of Cisco Talos

Entry added January 29, 2020

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to universal cross-site scripting

Description: A logic issue was addressed with improved state management.

CVE-2020-3867: an anonymous researcher

Entry added January 29, 2020

WebKit Page Loading

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A DOM object context may not have had a unique security origin

Description: A logic issue was addressed with improved validation.

CVE-2020-3864: Ryan Pickren (ryanpickren.com)

Entry added February 6, 2020

WebKit Page Loading

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A top-level DOM object context may have incorrectly been considered secure

Description: A logic issue was addressed with improved validation.

CVE-2020-3865: Ryan Pickren (ryanpickren.com)

Entry added January 29, 2020, updated February 6, 2020

Wi-Fi

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3843: Ian Beer of Google Project Zero

Entry added February 6, 2020

wifivelocityd

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to execute arbitrary code with system privileges

Description: The issue was addressed with improved permissions logic.

CVE-2020-3838: Dayton Pidhirney (@_watbulb)