{"api_version":"1","generated_at":"2026-04-23T00:39:37+00:00","cve":"CVE-2020-9947","urls":{"html":"https://cve.report/CVE-2020-9947","api":"https://cve.report/api/cve/CVE-2020-9947.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-9947","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-9947"},"summary":{"title":"CVE-2020-9947","description":"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2020-12-08 20:15:00","updated_at":"2022-06-02 18:56:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"https://support.apple.com/en-us/HT211952","name":"https://support.apple.com/en-us/HT211952","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"About the security content of iTunes 12.10.9 for Windows - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT211850","name":"https://support.apple.com/en-us/HT211850","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"About the security content of iOS 14.0 and iPadOS 14.0 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202104-03","name":"GLSA-202104-03","refsource":"GENTOO","tags":[],"title":"WebkitGTK+: Multiple vulnerabilities (GLSA 202104-03) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT211845","name":"https://support.apple.com/en-us/HT211845","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"About the security content of Safari 14.0 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT211844","name":"https://support.apple.com/en-us/HT211844","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"About the security content of watchOS 7.0 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT211843","name":"https://support.apple.com/en-us/HT211843","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"About the security content of tvOS 14.0 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT211935","name":"https://support.apple.com/en-us/HT211935","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"About the security content of iCloud for Windows 11.5 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/03/22/1","name":"[oss-security] 20210322 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002","refsource":"MLIST","tags":[],"title":"oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-9947","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9947","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"icloud","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"icloud","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"itunes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"itunes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9947","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-9947","qid":"296067","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 33.94.0 Missing (CPUAPR2021)"},{"cve":"CVE-2020-9947","qid":"501710","title":"Alpine Linux Security Update for webkit2gtk"},{"cve":"CVE-2020-9947","qid":"505517","title":"Alpine Linux Security Update for webkit2gtk"},{"cve":"CVE-2020-9947","qid":"710013","title":"Gentoo Linux WebkitGTK+ Multiple Vulnerabilities (GLSA 202104-03)"},{"cve":"CVE-2020-9947","qid":"750655","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2021:1990-1)"},{"cve":"CVE-2020-9947","qid":"751623","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0142-1)"},{"cve":"CVE-2020-9947","qid":"751646","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0183-1)"},{"cve":"CVE-2020-9947","qid":"751648","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0182-1)"},{"cve":"CVE-2020-9947","qid":"751659","title":"OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2022:0182-1)"},{"cve":"CVE-2020-9947","qid":"751755","title":"OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2022:0182-2)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-9947","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_value":"14.0"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_value":"7.0"}]}},{"product_name":"Safari","version":{"version_data":[{"version_affected":"<","version_value":"14.0"}]}},{"product_name":"iOS and iPadOS","version":{"version_data":[{"version_affected":"<","version_value":"14.0"}]}},{"product_name":"iCloud for Windows","version":{"version_data":[{"version_affected":"<","version_value":"11.5"}]}},{"product_name":"iTunes for Windows","version":{"version_data":[{"version_affected":"<","version_value":"12.10"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Processing maliciously crafted web content may lead to arbitrary code execution"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://support.apple.com/en-us/HT211843","name":"https://support.apple.com/en-us/HT211843"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT211850","name":"https://support.apple.com/en-us/HT211850"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT211844","name":"https://support.apple.com/en-us/HT211844"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT211935","name":"https://support.apple.com/en-us/HT211935"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT211952","name":"https://support.apple.com/en-us/HT211952"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT211845","name":"https://support.apple.com/en-us/HT211845"},{"refsource":"MLIST","name":"[oss-security] 20210322 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002","url":"http://www.openwall.com/lists/oss-security/2021/03/22/1"},{"refsource":"GENTOO","name":"GLSA-202104-03","url":"https://security.gentoo.org/glsa/202104-03"}]},"description":{"description_data":[{"lang":"eng","value":"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution."}]}},"nvd":{"publishedDate":"2020-12-08 20:15:00","lastModifiedDate":"2022-06-02 18:56:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.10.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*","versionEndExcluding":"11.5.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"9947","Ordinal":"170343","Title":"CVE-2020-9947","CVE":"CVE-2020-9947","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"9947","Ordinal":"1","NoteData":"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"9947","Ordinal":"2","NoteData":"2020-12-08","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"9947","Ordinal":"3","NoteData":"2021-04-30","Type":"Other","Title":"Modified"}]}}}