CVE-2020-9934

Warning

EPSS 1.78%
Published 16.10.2020 17:15:17
Last modified 28.02.2025 14:44:48
Source product-security@apple.com
Teams watchlist Login
Open Login

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.

Affected products Warnungen 1 Metrics 4 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ iPadOS Version < 13.6

Apple ≫ iPhone OS Version < 13.6

Apple ≫ macOS X Version < 10.15.6

08.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple iOS, iPadOS, and macOS Input Validation Vulnerability

Vulnerability

Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.78%	0.821

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

https://support.apple.com/HT211289

Vendor Advisory

Release Notes

https://support.apple.com/HT211288

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-9934

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-9934

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-9934

EUVD