CVE-2020-9934
Apple iOS, iPadOS, and macOS Input Validation Vulnerability
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
Se presentó un problema en el manejo de variables de entorno. Este problema fue abordado con una comprobación mejorada. Este problema es corregido en iOS versión 13.6 y iPadOS versión 13.6, macOS Catalina versión 10.15.6. Un usuario local puede ser capaz de visualizar información confidencial del usuario
Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-03-02 CVE Reserved
- 2020-07-17 CVE Published
- 2020-07-28 First Exploit
- 2022-09-08 Exploited in Wild
- 2022-09-29 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-10-23 EPSS Updated
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://medium.com/@mattshockl/cve-2020-9934-bypassing-the-os-x-transparency-consent-and-control-tcc-framework-for-4e14806f1de8 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/mattshockl/CVE-2020-9934 | 2020-07-28 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.apple.com/HT211288 | 2023-01-09 | |
| https://support.apple.com/HT211289 | 2023-01-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Ipados Search vendor "Apple" for product "Ipados" | < 13.6 Search vendor "Apple" for product "Ipados" and version " < 13.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 13.6 Search vendor "Apple" for product "Iphone Os" and version " < 13.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | < 10.15.6 Search vendor "Apple" for product "Mac Os X" and version " < 10.15.6" | - |
Affected
| ||||||