About the security content of iOS 13.5 and iPadOS 13.5
This document describes the security content of iOS 13.5 and iPadOS 13.5.
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
iOS 13.5 and iPadOS 13.5
Accounts
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application could interact with system processes to access private information and perform privileged actions
Description: An entitlement parsing issue was addressed with improved parsing.
CVE-2020-9842: Linus Henze (pinauten.de)
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: An issue existed with the use of a PRNG with low entropy. This issue was addressed with improved state management.
CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen (@naehrdine) of Secure Mobile Networking Lab
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted text message may lead to application denial of service
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com
FaceTime
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.
CVE-2020-9835: Olivier Levesque (@olilevesque)
File System
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to modify the file system
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9820: Thijs Alkemade of Computest
FontParser
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
IPSec
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to determine another application's memory layout
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An integer overflow was addressed through improved input validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to cause unexpected system termination or write kernel memory
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: derrek (@derrekr6)
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to determine kernel memory layout
Description: An information disclosure issue was addressed with improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
libxpc
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to overwrite arbitrary files
Description: A path handling issue was addressed with improved validation.
CVE-2020-9994: Apple
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted mail message may lead to heap corruption
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2020-9819: ZecOps.com
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9818: ZecOps.com
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Users removed from an iMessage conversation may still be able to alter state
Description: This issue was addressed with improved checks.
CVE-2020-9823: Suryansh Mansharamani, student of Community Middle School, Plainsboro, New Jersey
Notifications
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen
Description: An authorization issue was addressed with improved state management.
CVE-2020-9848: Nima
rsync
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to overwrite existing files
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2014-9512: gaojianfeng
Sandbox
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to bypass Privacy preferences
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Security
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved validation.
CVE-2020-9854: Ilias Morad (A2nkF)
SQLite
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may cause a denial of service or potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9794
System Preferences
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-9792: Andy Davis of NCC Group
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
Description: An input validation issue was addressed with improved input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative
WebRTC
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: An access issue was addressed with improved memory management.
CVE-2019-20503: natashenka of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory management.
CVE-2020-9844: Ian Beer of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9830: Tielei Wang of Pangu Lab
Additional recognition
Bluetooth
We would like to acknowledge Maximilian von Tschirschnitz (@maxinfosec1) of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.
Device Analytics
We would like to acknowledge Mohamed Ghannam (@_simo36) for their assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their assistance.
IPSec
We would like to acknowledge Thijs Alkemade of Computest for their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
Safari
We would like to acknowledge Jeffball of GRIMM and Luke Walker of Manchester Metropolitan University for their assistance.
WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their assistance.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.