漏洞公告编号: APPLE-SA-2019-12-10-1 影响版本: iOS 13.3 and iPadOS 13.3 涉及组件及漏洞: - CallKit: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans. (CVE-2019-8856) - CFNetwork Proxies: An application may be able to gain elevated privileges. (CVE-2019-8848) - FaceTime: Processing malicious video via FaceTime may lead to arbitrary code execution. (CVE-2019-8830) - IOSurfaceAccelerator: An application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8841) - IOUSBDeviceFamily: A memory corruption issue was addressed with improved memory handling. (CVE-2019-8836) - Kernel: Multiple memory corruption issues were addressed with improved memory handling. (CVE-2019-8828, CVE-2019-8838) - libexpat: Parsing a maliciously crafted XML file may lead to disclosure of user information. (CVE-2019-15903) - Photos: Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled. (CVE-2019-8857) - Security: A memory corruption issue was addressed with improved memory handling. (CVE-2019-8832) - WebKit: Multiple memory corruption issues were addressed with improved memory handling. (CVE-2019-8835, CVE-2019-8844) 公开源: https://support.apple.com/kb/HT201222 公开日期: December 10, 2019