Apple products and solutions are not exempt from security flaws. During a cyber security consulting engagement, a group of researchers discovered multiple vulnerabilities in Apple iCloud that could be exploited by threat actors to bypass security restrictions, cause denial of service (DoS) conditions, execute arbitrary code on the target system, carry out cross-site scripting (XSS) attacks, and obtain sensitive information from victims.
These flaws were reported on March 25 and are considered high-severity. Below, cyber security consulting specialists provide a brief explanation of each of these vulnerabilities, along with its respective Common Vulnerability Scoring System (CVSS) key.
CVE-2020-9783: This is a logical vulnerability in WebKit that could be exploited to bypass security restrictions on the target system.
CVE-2020-3909: A buffer overflow issue in libxml2 that can be exploited to cause a denial of service (DoS) condition on the victim’s system.
CVE-2020-3910: This is a memory corruption vulnerability in WebKit that can be exploited using a specially crafted web page to execute arbitrary code.
CVE-2020-3887: A type confusion vulnerability in WebKit that can be exploited through a specially crafted web page to execute arbitrary code.
CVE-2020-3895: An input validation vulnerability in WebKit that could be exploited using a web page specially designed to perform XSS attacks.
CVE-2020-3894: A race condition vulnerability in WebKit that could be exploited to obtain sensitive information from the target user.
CVE-2020-3901: A type confusion vulnerability in WebKit that threat actors could remotely exploit to execute arbitrary code.
CVE-2020-3899: This is a use-after-free vulnerability in WebKit that can be exploited through a specially crafted web page to trigger arbitrary code execution.
CVE-2020-3900: A memory consumption vulnerability in WebKit that can be exploited remotely to execute arbitrary code.
CVE-2020-3897: A logical vulnerability in the WebKit upload page that can be exploited to bypass security restrictions.
The corresponding fixes have not yet been released, so cyber security consulting experts from the International Institute of Cyber Security (IICS) recommend checking the official platforms of the developer company to learn more about these flaws and the release date of the updates.