Описание
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 13.2 (исключая)Версия до 13.2 (исключая)Версия до 10.15.1 (исключая)
Одно из
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00255
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-59
Связанные уязвимости
github
больше 3 лет назад
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.
EPSS
Процентиль: 49%
0.00255
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-59