CVE-2020-29623 : Security Advisory and Response
Learn about CVE-2020-29623 affecting Apple products, leading to incomplete browsing history deletion. Find mitigation steps and update recommendations here.
A vulnerability in Apple products allowed users to be unable to fully delete browsing history.
Understanding CVE-2020-29623
What is CVE-2020-29623?
The issue stemmed from the failure of the 'Clear History and Website Data' function to clear history completely.
The Impact of CVE-2020-29623
Users were at risk of being unable to fully delete their browsing history, potentially compromising their privacy.
Technical Details of CVE-2020-29623
Vulnerability Description
The vulnerability affected iOS and iPadOS versions less than 14.3, tvOS versions less than 14.3, and macOS versions less than 11.1.
Affected Systems and Versions
- iOS and iPadOS versions less than 14.3
- tvOS versions less than 14.3
- macOS versions less than 11.1
Exploitation Mechanism
The issue was related to the incomplete deletion of browsing history, impacting user privacy.
Mitigation and Prevention
Immediate Steps to Take
- Update affected systems to macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3, iPadOS 14.3, and tvOS 14.3.
- Regularly clear browsing history manually.
Long-Term Security Practices
- Enable automatic updates for Apple products.
- Use private browsing modes when necessary.
Patching and Updates
Apply the latest security updates and patches provided by Apple to ensure the vulnerability is addressed.