This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Icloud | Apple | * | 7.21 (excluding) |
| Icloud | Apple | 11.0 (including) | 11.4 (excluding) |
| Ipados | Apple | * | 14.0 (excluding) |
| Iphone_os | Apple | * | 14.0 (excluding) |
| Mac_os_x | Apple | * | 11.0.1 (excluding) |
| Tvos | Apple | * | 14.0 (excluding) |
| Watchos | Apple | * | 7.0 (excluding) |
| Sqlite | Ubuntu | eoan | * |
| Sqlite | Ubuntu | groovy | * |
| Sqlite | Ubuntu | hirsute | * |
| Sqlite | Ubuntu | impish | * |
| Sqlite | Ubuntu | trusty | * |
| Sqlite | Ubuntu | upstream | * |
| Sqlite | Ubuntu | xenial | * |
| Sqlite3 | Ubuntu | eoan | * |
| Sqlite3 | Ubuntu | groovy | * |
| Sqlite3 | Ubuntu | hirsute | * |
| Sqlite3 | Ubuntu | impish | * |
| Sqlite3 | Ubuntu | precise/esm | * |
| Sqlite3 | Ubuntu | trusty | * |
| Sqlite3 | Ubuntu | xenial | * |
References
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
- https://support.apple.com/en-us/HT211843
- https://support.apple.com/en-us/HT211844
- https://support.apple.com/en-us/HT211847
- https://support.apple.com/en-us/HT211850
- https://support.apple.com/en-us/HT211931
- https://support.apple.com/kb/HT211846
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
- https://support.apple.com/en-us/HT211843
- https://support.apple.com/en-us/HT211844
- https://support.apple.com/en-us/HT211847
- https://support.apple.com/en-us/HT211850
- https://support.apple.com/en-us/HT211931
- https://support.apple.com/kb/HT211846