cvelistv5 - cve-2020-9934

CVE-2020-9934 (GCVE-0-2020-9934)

Vulnerability from cvelistv5 – Published: 2020-10-16 16:51 – Updated: 2025-10-21 23:35

CISA

Summary

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

A local user may be able to view sensitive user information

Assigner

apple

References

URL

Tags

	https://support.apple.com/HT211289	x_refsource_MISC
	https://support.apple.com/HT211288	x_refsource_MISC

Impacted products

Vendor

Product

Version

Apple

iOS

Affected: unspecified , < iOS 13.6 and iPadOS 13.6 (custom)

Apple

macOS

Affected: unspecified , < macOS Catalina 10.15.6 (custom)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-09-08

Due date: 2022-09-29

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://support.apple.com/en-us/HT211288, https://support.apple.com/en-us/HT211289; https://nvd.nist.gov/vuln/detail/CVE-2020-9934

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:50:56.270Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211289"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211288"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-9934",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T17:38:08.647380Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-09-08",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:35.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-09-08T00:00:00+00:00",
            "value": "CVE-2020-9934 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 13.6 and iPadOS 13.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "macOS Catalina 10.15.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A local user may be able to view sensitive user information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-16T16:51:05.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211289"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211288"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9934",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 13.6 and iPadOS 13.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "macOS Catalina 10.15.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A local user may be able to view sensitive user information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211289",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211289"
            },
            {
              "name": "https://support.apple.com/HT211288",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211288"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2020-9934",
    "datePublished": "2020-10-16T16:51:05.000Z",
    "dateReserved": "2020-03-02T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:35.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2020-9934",
      "dateAdded": "2022-09-08",
      "dueDate": "2022-09-29",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.apple.com/en-us/HT211288, https://support.apple.com/en-us/HT211289; https://nvd.nist.gov/vuln/detail/CVE-2020-9934",
      "product": "iOS, iPadOS, and macOS",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple iOS, iPadOS, and macOS Input Validation Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-09-29",
      "cisaExploitAdd": "2022-09-08",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Apple iOS, iPadOS, and macOS Input Validation Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.6\", \"matchCriteriaId\": \"87D68071-5235-4B50-90F0-B55B0C668840\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.6\", \"matchCriteriaId\": \"0639A5DE-4A59-4F10-A0E7-F6B933E44D47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.15.6\", \"matchCriteriaId\": \"FD0ACF42-C643-4DED-ADF7-4FA29B7578F7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.\"}, {\"lang\": \"es\", \"value\": \"Se present\\u00f3 un problema en el manejo de variables de entorno.\u0026#xa0;Este problema fue abordado con una comprobaci\\u00f3n mejorada.\u0026#xa0;Este problema es corregido en iOS versi\\u00f3n 13.6 y iPadOS versi\\u00f3n 13.6, macOS Catalina versi\\u00f3n 10.15.6.\u0026#xa0;Un usuario local puede ser capaz de visualizar informaci\\u00f3n confidencial del usuario\"}]",
      "id": "CVE-2020-9934",
      "lastModified": "2024-11-21T05:41:33.280",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-10-16T17:15:17.637",
      "references": "[{\"url\": \"https://support.apple.com/HT211288\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211289\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211288\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211289\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-9934\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-10-16T17:15:17.637\",\"lastModified\":\"2025-10-23T18:04:37.067\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.\"},{\"lang\":\"es\",\"value\":\"Se present\u00f3 un problema en el manejo de variables de entorno.\u0026#xa0;Este problema fue abordado con una comprobaci\u00f3n mejorada.\u0026#xa0;Este problema es corregido en iOS versi\u00f3n 13.6 y iPadOS versi\u00f3n 13.6, macOS Catalina versi\u00f3n 10.15.6.\u0026#xa0;Un usuario local puede ser capaz de visualizar informaci\u00f3n confidencial del usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-09-08\",\"cisaActionDue\":\"2022-09-29\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apple iOS, iPadOS, and macOS Input Validation Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.6\",\"matchCriteriaId\":\"87D68071-5235-4B50-90F0-B55B0C668840\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.6\",\"matchCriteriaId\":\"0639A5DE-4A59-4F10-A0E7-F6B933E44D47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.15.6\",\"matchCriteriaId\":\"FD0ACF42-C643-4DED-ADF7-4FA29B7578F7\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT211288\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211289\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/HT211289\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/HT211288\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T10:50:56.270Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-9934\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T17:38:08.647380Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-09-08\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-09-08T00:00:00+00:00\", \"value\": \"CVE-2020-9934 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T17:27:30.431Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"iOS 13.6 and iPadOS 13.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"macOS Catalina 10.15.6\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/HT211289\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://support.apple.com/HT211288\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"A local user may be able to view sensitive user information\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2020-10-16T16:51:05.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"iOS 13.6 and iPadOS 13.6\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"iOS\"}, {\"version\": {\"version_data\": [{\"version_value\": \"macOS Catalina 10.15.6\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"macOS\"}]}, \"vendor_name\": \"Apple\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://support.apple.com/HT211289\", \"name\": \"https://support.apple.com/HT211289\", \"refsource\": \"MISC\"}, {\"url\": \"https://support.apple.com/HT211288\", \"name\": \"https://support.apple.com/HT211288\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"A local user may be able to view sensitive user information\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-9934\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"product-security@apple.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-9934\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:35:35.426Z\", \"dateReserved\": \"2020-03-02T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2020-10-16T16:51:05.000Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2020-AVI-452

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions antérieures à 13.6
Apple	macOS	macOS Catalina versions antérieures à 10.15.6
Apple	macOS	macOS High Sierra sans le correctif de sécurité 2020-004
Apple	N/A	iPadOS versions antérieures à 13.6
Apple	macOS	macOS Mojave sans le correctif de sécurité 2020-004
Apple	N/A	tvOS versions antérieures à 13.4.8
Apple	Safari	Safari versions antérieures à 13.1.2
Apple	N/A	watchOS versions antérieures à 6.2.8

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211289 du 15 juillet 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211288 du 15 juillet 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211292 du 15 juillet 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211291 du 15 juillet 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211290 du 15 juillet 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra sans le correctif de s\u00e9curit\u00e9 2020-004",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2020-004",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 6.2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-9885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9885"
    },
    {
      "name": "CVE-2020-9878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9878"
    },
    {
      "name": "CVE-2019-19906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19906"
    },
    {
      "name": "CVE-2020-9933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9933"
    },
    {
      "name": "CVE-2020-9870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9870"
    },
    {
      "name": "CVE-2020-9890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9890"
    },
    {
      "name": "CVE-2020-9934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9934"
    },
    {
      "name": "CVE-2020-9910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9910"
    },
    {
      "name": "CVE-2019-20807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20807"
    },
    {
      "name": "CVE-2020-9936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9936"
    },
    {
      "name": "CVE-2020-9911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9911"
    },
    {
      "name": "CVE-2020-9865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9865"
    },
    {
      "name": "CVE-2020-9799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9799"
    },
    {
      "name": "CVE-2020-9894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9894"
    },
    {
      "name": "CVE-2020-9895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9895"
    },
    {
      "name": "CVE-2020-9914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9914"
    },
    {
      "name": "CVE-2020-9931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9931"
    },
    {
      "name": "CVE-2020-9866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9866"
    },
    {
      "name": "CVE-2020-9916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9916"
    },
    {
      "name": "CVE-2020-9923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9923"
    },
    {
      "name": "CVE-2019-14899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14899"
    },
    {
      "name": "CVE-2020-9912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9912"
    },
    {
      "name": "CVE-2020-9893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9893"
    },
    {
      "name": "CVE-2020-9922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9922"
    },
    {
      "name": "CVE-2020-9862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9862"
    },
    {
      "name": "CVE-2020-9864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9864"
    },
    {
      "name": "CVE-2020-9925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9925"
    },
    {
      "name": "CVE-2020-9913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9913"
    },
    {
      "name": "CVE-2020-9888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9888"
    },
    {
      "name": "CVE-2020-9907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9907"
    },
    {
      "name": "CVE-2020-9917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9917"
    },
    {
      "name": "CVE-2020-9889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9889"
    },
    {
      "name": "CVE-2020-9909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9909"
    },
    {
      "name": "CVE-2020-9891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9891"
    },
    {
      "name": "CVE-2020-9903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9903"
    },
    {
      "name": "CVE-2020-9918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9918"
    },
    {
      "name": "CVE-2020-9884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9884"
    },
    {
      "name": "CVE-2020-9915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9915"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-452",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-20T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027identifiant CVE-2020-9922.",
      "revision_date": "2021-04-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211289 du 15 juillet 2020",
      "url": "https://support.apple.com/en-us/HT211289"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211288 du 15 juillet 2020",
      "url": "https://support.apple.com/en-us/HT211288"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211292 du 15 juillet 2020",
      "url": "https://support.apple.com/en-us/HT211292"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211291 du 15 juillet 2020",
      "url": "https://support.apple.com/en-us/HT211291"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211290 du 15 juillet 2020",
      "url": "https://support.apple.com/en-us/HT211290"
    }
  ]
}

CERTFR-2020-AVI-452

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions antérieures à 13.6
Apple	macOS	macOS Catalina versions antérieures à 10.15.6
Apple	macOS	macOS High Sierra sans le correctif de sécurité 2020-004
Apple	N/A	iPadOS versions antérieures à 13.6
Apple	macOS	macOS Mojave sans le correctif de sécurité 2020-004
Apple	N/A	tvOS versions antérieures à 13.4.8
Apple	Safari	Safari versions antérieures à 13.1.2
Apple	N/A	watchOS versions antérieures à 6.2.8

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211289 du 15 juillet 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211288 du 15 juillet 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211292 du 15 juillet 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211291 du 15 juillet 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211290 du 15 juillet 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra sans le correctif de s\u00e9curit\u00e9 2020-004",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2020-004",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 6.2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-9885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9885"
    },
    {
      "name": "CVE-2020-9878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9878"
    },
    {
      "name": "CVE-2019-19906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19906"
    },
    {
      "name": "CVE-2020-9933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9933"
    },
    {
      "name": "CVE-2020-9870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9870"
    },
    {
      "name": "CVE-2020-9890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9890"
    },
    {
      "name": "CVE-2020-9934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9934"
    },
    {
      "name": "CVE-2020-9910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9910"
    },
    {
      "name": "CVE-2019-20807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20807"
    },
    {
      "name": "CVE-2020-9936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9936"
    },
    {
      "name": "CVE-2020-9911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9911"
    },
    {
      "name": "CVE-2020-9865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9865"
    },
    {
      "name": "CVE-2020-9799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9799"
    },
    {
      "name": "CVE-2020-9894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9894"
    },
    {
      "name": "CVE-2020-9895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9895"
    },
    {
      "name": "CVE-2020-9914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9914"
    },
    {
      "name": "CVE-2020-9931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9931"
    },
    {
      "name": "CVE-2020-9866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9866"
    },
    {
      "name": "CVE-2020-9916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9916"
    },
    {
      "name": "CVE-2020-9923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9923"
    },
    {
      "name": "CVE-2019-14899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14899"
    },
    {
      "name": "CVE-2020-9912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9912"
    },
    {
      "name": "CVE-2020-9893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9893"
    },
    {
      "name": "CVE-2020-9922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9922"
    },
    {
      "name": "CVE-2020-9862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9862"
    },
    {
      "name": "CVE-2020-9864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9864"
    },
    {
      "name": "CVE-2020-9925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9925"
    },
    {
      "name": "CVE-2020-9913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9913"
    },
    {
      "name": "CVE-2020-9888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9888"
    },
    {
      "name": "CVE-2020-9907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9907"
    },
    {
      "name": "CVE-2020-9917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9917"
    },
    {
      "name": "CVE-2020-9889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9889"
    },
    {
      "name": "CVE-2020-9909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9909"
    },
    {
      "name": "CVE-2020-9891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9891"
    },
    {
      "name": "CVE-2020-9903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9903"
    },
    {
      "name": "CVE-2020-9918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9918"
    },
    {
      "name": "CVE-2020-9884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9884"
    },
    {
      "name": "CVE-2020-9915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9915"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-452",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-20T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027identifiant CVE-2020-9922.",
      "revision_date": "2021-04-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211289 du 15 juillet 2020",
      "url": "https://support.apple.com/en-us/HT211289"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211288 du 15 juillet 2020",
      "url": "https://support.apple.com/en-us/HT211288"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211292 du 15 juillet 2020",
      "url": "https://support.apple.com/en-us/HT211292"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211291 du 15 juillet 2020",
      "url": "https://support.apple.com/en-us/HT211291"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211290 du 15 juillet 2020",
      "url": "https://support.apple.com/en-us/HT211290"
    }
  ]
}

GHSA-X5M3-93G8-F3RH

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2025-10-22 00:31

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9934"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.",
  "id": "GHSA-x5m3-93g8-f3rh",
  "modified": "2025-10-22T00:31:59Z",
  "published": "2022-05-24T17:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9934"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211288"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211289"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2020-9934

Vulnerability from fkie_nvd - Published: 2020-10-16 17:15 - Updated: 2025-10-23 18:04

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT211288	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211289	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211288	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211289	Release Notes, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934	US Government Resource

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	mac_os_x	*

JSON

To clipboard

{
  "cisaActionDue": "2022-09-29",
  "cisaExploitAdd": "2022-09-08",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Apple iOS, iPadOS, and macOS Input Validation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D68071-5235-4B50-90F0-B55B0C668840",
              "versionEndExcluding": "13.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0639A5DE-4A59-4F10-A0E7-F6B933E44D47",
              "versionEndExcluding": "13.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0ACF42-C643-4DED-ADF7-4FA29B7578F7",
              "versionEndExcluding": "10.15.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information."
    },
    {
      "lang": "es",
      "value": "Se present\u00f3 un problema en el manejo de variables de entorno.\u0026#xa0;Este problema fue abordado con una comprobaci\u00f3n mejorada.\u0026#xa0;Este problema es corregido en iOS versi\u00f3n 13.6 y iPadOS versi\u00f3n 13.6, macOS Catalina versi\u00f3n 10.15.6.\u0026#xa0;Un usuario local puede ser capaz de visualizar informaci\u00f3n confidencial del usuario"
    }
  ],
  "id": "CVE-2020-9934",
  "lastModified": "2025-10-23T18:04:37.067",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-16T17:15:17.637",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211288"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211289"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-9934

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-9934

Aliases

CVE-2020-9934

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9934",
    "description": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.",
    "id": "GSD-2020-9934"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9934"
      ],
      "details": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.",
      "id": "GSD-2020-9934",
      "modified": "2023-12-13T01:21:52.609394Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2020-9934",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iOS 13.6 and iPadOS 13.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "macOS Catalina 10.15.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A local user may be able to view sensitive user information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT211289",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211289"
          },
          {
            "name": "https://support.apple.com/HT211288",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211288"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9934"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211288",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211288"
            },
            {
              "name": "https://support.apple.com/HT211289",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211289"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-01-09T16:41Z",
      "publishedDate": "2020-10-16T17:15Z"
    }
  }
}

CNVD-2020-51497

Vulnerability from cnvd - Published: 2020-09-10

Title

多款Apple产品CoreFoundation组件存在未明漏洞

Description

Apple iOS等都是美国苹果（Apple）公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。Apple macOS Catalina是一套专为Mac计算机所开发的专用操作系统。CoreFoundation是其中的一个C语言应用程序编程接口（API）组件。 Apple macOS Catalina 10.15.6之前版本、iOS 13.6之前版本和iPadOS 13.6之前版本中的CoreFoundation组件存在安全漏洞。本地攻击者可利用该漏洞获取敏感的用户信息。

Severity

低

Patch Name

多款Apple产品CoreFoundation组件存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT211288

Reference

https://support.apple.com/zh-cn/HT211288

Impacted products

Name
['Apple iOS <13.6', 'Apple iPadOS <13.6', 'Apple Apple macOS Catalina <10.15.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9934",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-9934"
    }
  },
  "description": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS Catalina\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002CoreFoundation\u662f\u5176\u4e2d\u7684\u4e00\u4e2aC\u8bed\u8a00\u5e94\u7528\u7a0b\u5e8f\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09\u7ec4\u4ef6\u3002\n\nApple macOS Catalina 10.15.6\u4e4b\u524d\u7248\u672c\u3001iOS 13.6\u4e4b\u524d\u7248\u672c\u548ciPadOS 13.6\u4e4b\u524d\u7248\u672c\u4e2d\u7684CoreFoundation\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT211288",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-51497",
  "openTime": "2020-09-10",
  "patchDescription": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS Catalina\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002CoreFoundation\u662f\u5176\u4e2d\u7684\u4e00\u4e2aC\u8bed\u8a00\u5e94\u7528\u7a0b\u5e8f\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09\u7ec4\u4ef6\u3002\r\n\r\nApple macOS Catalina 10.15.6\u4e4b\u524d\u7248\u672c\u3001iOS 13.6\u4e4b\u524d\u7248\u672c\u548ciPadOS 13.6\u4e4b\u524d\u7248\u672c\u4e2d\u7684CoreFoundation\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1CoreFoundation\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple  iOS \u003c13.6",
      "Apple iPadOS \u003c13.6",
      "Apple  Apple macOS Catalina \u003c10.15.6"
    ]
  },
  "referenceLink": "https://support.apple.com/zh-cn/HT211288",
  "serverity": "\u4f4e",
  "submitTime": "2020-08-05",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1CoreFoundation\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

VAR-202010-1252

Vulnerability from variot - Updated: 2024-01-17 19:00

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. CoreFoundation is one of the C language application programming interface (API) components. A security vulnerability exists in the CoreFoundation component of Apple macOS Catalina versions prior to 10.15.6, iOS versions prior to 13.6, and iPadOS versions prior to 13.6. CVE-2020-9870: Samuel Groß of Google Project Zero

CoreAudio Available for: macOS High Sierra 10.13.6 Impact: A buffer overflow may result in arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-9799: ABC Research s.r.o.

Installation note:

macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx0ACgkQBz4uGe3y 0M3aXhAAm0hhJpdR0h7uhbtT6LkOuBAYbn0ivAbaB2wzEgZJNXBi9pwd/eL+I1tZ FsYG2Ux0P7VOXClepKzM/yi2Y9w9JZt/u5jSpps7n4/6k4JpcBT74IBF8A4iUvfQ DZcd58rTYf7PuO28ZW9FcYVhgMrN1oPheg0yr+ZaM+0wJrBfPg5STX9AwtPw5P4B aDMYGqv6EQLRiI/cj18/BnLD9kuYq2/fvO/AVjTzAGWVWmY0jpEaaHoeEgSbocNd qVpobhb8K8aK3PjfocK62hSH9DF0yBQYVsnX+bRmTDqzkWK4FXN6fG2ObiI+9ytq wJ6RPT9N5rkIsru8iqaYW6vo5eS61tCAxSgsOsWsm9+KAaBLOnrLzago3kQbtnTG SQBDDSW5w1iI/+kypdCCE67I67psSxPfrDdPU2wG3arQjnE4xm7S4eOE+9cBlKY+ bsNpFcYgShyZ6GnaJ1yVbZgR2zK97xbKYp8xbEOICeCchO1vF31hlDxsMl09UV1U eYJ3sOqBUxDpUj2vjpP9pB4ocSlHdAENL/5dyWUPlx8wjpnodRX2HsPHonjTqM4y kgwJjHI26LZWU4icKIPvl8875ksw/sCmKpVZlbF0IRPvd58ITt5rSvUTQulKqVs6 ML/l/uIf4shjBmNz0xdQlzsdctxdnPh1ge1kNfH34X4JgPWVWaM= =GCJp -----END PGP SIGNATURE-----

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6

iOS 13.6 and iPadOS 13.6 are now available and address the following:

Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab

Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab

AVEVideoEncoder Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2020-9907: an anonymous researcher

Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may cause an unexpected application termination Description: A denial of service issue was addressed with improved input validation. CVE-2020-9931: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab

CoreFoundation Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local user may be able to view sensitive user information Description: An issue existed in the handling of environment variables. CVE-2020-9934: an anonymous researcher

Crash Reporter Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud

GeoServices Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to read sensitive location information Description: An authorization issue was addressed with improved state management. CVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.

iAP Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: An input validation issue existed in Bluetooth. CVE-2020-9914: Andy Davis of NCC Group

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9936: Mickey Jin of Trend Micro

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-9923: Proteas

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9909: Brandon Azad of Google Project Zero

Mail Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker can cause a limited out-of-bounds write, resulting in a denial of service Description: An input validation issue was addressed. CVE-2019-19906

Messages Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A user that is removed from an iMessage group could rejoin the group Description: An issue existed in the handling of iMessage tapbacks. CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)

Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security

Safari Login AutoFill Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious attacker may cause Safari to suggest a password for the wrong domain Description: A logic issue was addressed with improved restrictions. CVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)

Safari Reader Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy Description: A logic issue was addressed with improved restrictions. CVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: An access issue existed in Content Security Policy. CVE-2020-9915: an anonymous researcher

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative CVE-2020-9895: Wen Xu of SSLab, Georgia Tech

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2020-9925: an anonymous researcher

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: Multiple issues were addressed with improved logic. CVE-2020-9910: Samuel Groß of Google Project Zero

WebKit Page Loading Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious attacker may be able to conceal the destination of a URL Description: A URL Unicode encoding issue was addressed with improved state management. CVE-2020-9916: Rakesh Mane (@RakeshMane10)

WebKit Web Inspector Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Copying a URL from Web Inspector may lead to command injection Description: A command injection issue existed in Web Inspector. CVE-2020-9862: Ophir Lojkine (@lovasoa)

Wi-Fi Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)

WiFi Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-9917: an anonymous researcher, Pradeep Deokate of Harman

Additional recognition

Bluetooth We would like to acknowledge Andy Davis of NCC Group for their assistance.

Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

USB Audio We would like to acknowledge Andy Davis of NCC Group for their assistance.

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 13.6 and iPadOS 13.6". -----BEGIN PGP SIGNATURE-----

iQIyBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8POhUACgkQBz4uGe3y 0M3VAA/3ciev1rSP1w547PW3gsdGviEqUD6d5cNWfVKyIywIwqhXD24bNn471XPe ufoLyxB/SlH9yKcHjuNYmeL+tu+4Gqx+YvaNTrKkBlh0DP7bB7y1vKVDbHjTsSbx ecrPfDI3ZHXXux9+1fYZ47ISnJDakqVEI3bAw7JFtwL4DmQYdyk+xaUVTXTXksoV YwXin1usgQUZp921ygUNzP5kMwwdmbwenMS+U5s270TlSFPLflB61iykZCEOt7n4 sQqpv1A1GQPigTAPZOevl/TyfUAzRxXhOjXoBw6GSHXmfrLdkT72cw+VuIxZ2rpG 5VGkORd8S0PNDPndLYUb3VxKa4GucbuFd/f4YY4xhJuyZj1ANidPmSn1QkviqCjz 47pvdvWIQpRAQZv4yhlCfcZPYYwkHOPLsmSYbUdfKZvMHx+GneJp4T6ofZ5E7pvQ W354Asbg8fSFbx0jbmQpI0jJIgwLy8ydMVf1HsqToM/mSwTRQBjONNGQweHIdfXQ Z1PJ4cmOTutRmGLgDHIikVkq8mIu+1EOWBkLAXoZrn7d9pbosHZG/5OT3rpXpQU2 FykbSj7EkVyEJ978rAaynixaiuNbaw39osKaP4H5LcFhzyM8tF3paiR0gXKhizTB w57KB0YW0QrWBupRIdAd+yH2jt6iNviLfkq7fUAzZ3hb1iikVw== =Tlxk -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1252",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.6"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.6"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.6 \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.15.5"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.6 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.6 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.6 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009681"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9934"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9934"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158457"
      },
      {
        "db": "PACKETSTORM",
        "id": "158456"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1110"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2020-9934",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-009681",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-188059",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-9934",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-009681",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-9934",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-009681",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-1110",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-188059",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-9934",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-188059"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009681"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1110"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9934"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. CoreFoundation is one of the C language application programming interface (API) components. A security vulnerability exists in the CoreFoundation component of Apple macOS Catalina versions prior to 10.15.6, iOS versions prior to 13.6, and iPadOS versions prior to 13.6. \nCVE-2020-9870: Samuel Gro\u00df of Google Project Zero\n\nCoreAudio\nAvailable for: macOS High Sierra 10.13.6\nImpact: A buffer overflow may result in arbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2020-9799: ABC Research s.r.o. \n\nInstallation note:\n\nmacOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security\nUpdate 2020-004 High Sierra may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx0ACgkQBz4uGe3y\n0M3aXhAAm0hhJpdR0h7uhbtT6LkOuBAYbn0ivAbaB2wzEgZJNXBi9pwd/eL+I1tZ\nFsYG2Ux0P7VOXClepKzM/yi2Y9w9JZt/u5jSpps7n4/6k4JpcBT74IBF8A4iUvfQ\nDZcd58rTYf7PuO28ZW9FcYVhgMrN1oPheg0yr+ZaM+0wJrBfPg5STX9AwtPw5P4B\naDMYGqv6EQLRiI/cj18/BnLD9kuYq2/fvO/AVjTzAGWVWmY0jpEaaHoeEgSbocNd\nqVpobhb8K8aK3PjfocK62hSH9DF0yBQYVsnX+bRmTDqzkWK4FXN6fG2ObiI+9ytq\nwJ6RPT9N5rkIsru8iqaYW6vo5eS61tCAxSgsOsWsm9+KAaBLOnrLzago3kQbtnTG\nSQBDDSW5w1iI/+kypdCCE67I67psSxPfrDdPU2wG3arQjnE4xm7S4eOE+9cBlKY+\nbsNpFcYgShyZ6GnaJ1yVbZgR2zK97xbKYp8xbEOICeCchO1vF31hlDxsMl09UV1U\neYJ3sOqBUxDpUj2vjpP9pB4ocSlHdAENL/5dyWUPlx8wjpnodRX2HsPHonjTqM4y\nkgwJjHI26LZWU4icKIPvl8875ksw/sCmKpVZlbF0IRPvd58ITt5rSvUTQulKqVs6\nML/l/uIf4shjBmNz0xdQlzsdctxdnPh1ge1kNfH34X4JgPWVWaM=\n=GCJp\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6\n\niOS 13.6 and iPadOS 13.6 are now available and address the following:\n\nAudio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\nCVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\nCVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\n\nAudio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\n\nAVEVideoEncoder\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2020-9907: an anonymous researcher\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may cause an unexpected application\ntermination\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2020-9931: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure\nMobile Networking Lab\n\nCoreFoundation\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local user may be able to view sensitive user information\nDescription: An issue existed in the handling of environment\nvariables. \nCVE-2020-9934: an anonymous researcher\n\nCrash Reporter\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360\nBugCloud\n\nGeoServices\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. \n\niAP\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: An input validation issue existed in Bluetooth. \nCVE-2020-9914: Andy Davis of NCC Group\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9936: Mickey Jin of Trend Micro\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2020-9923: Proteas\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An attacker in a privileged network position may be able to\ninject into active connections within a VPN tunnel\nDescription: A routing issue was addressed with improved\nrestrictions. \nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. \nCrandall\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9909: Brandon Azad of Google Project Zero\n\nMail\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote  attacker can cause a limited out-of-bounds write,\nresulting in a denial of service\nDescription: An input validation issue was addressed. \nCVE-2019-19906\n\nMessages\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A user that is removed from an iMessage group could rejoin\nthe group\nDescription: An issue existed in the handling of iMessage tapbacks. \nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP\nHigh School North (medium.com/@suryanshmansha)\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security\n\nSafari Login AutoFill\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious attacker may cause Safari to suggest a password\nfor the wrong domain\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\nSafari Reader\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An issue in Safari Reader mode may allow a remote attacker to\nbypass the Same Origin Policy\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may prevent\nContent Security Policy from being enforced\nDescription: An access issue existed in Content Security Policy. \nCVE-2020-9915: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-9925: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: Multiple issues were addressed with improved logic. \nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\nWebKit Page Loading\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious attacker may be able to conceal the destination\nof a URL\nDescription: A URL Unicode encoding issue was addressed with improved\nstate management. \nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\nWebKit Web Inspector\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Copying a URL from Web Inspector may lead to command\ninjection\nDescription: A command injection issue existed in Web Inspector. \nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud\n(bugcloud.360.cn)\n\nWiFi\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-9917: an anonymous researcher, Pradeep Deokate of Harman\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nUSB Audio\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13.6 and iPadOS 13.6\". \n-----BEGIN PGP SIGNATURE-----\n\niQIyBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8POhUACgkQBz4uGe3y\n0M3VAA/3ciev1rSP1w547PW3gsdGviEqUD6d5cNWfVKyIywIwqhXD24bNn471XPe\nufoLyxB/SlH9yKcHjuNYmeL+tu+4Gqx+YvaNTrKkBlh0DP7bB7y1vKVDbHjTsSbx\necrPfDI3ZHXXux9+1fYZ47ISnJDakqVEI3bAw7JFtwL4DmQYdyk+xaUVTXTXksoV\nYwXin1usgQUZp921ygUNzP5kMwwdmbwenMS+U5s270TlSFPLflB61iykZCEOt7n4\nsQqpv1A1GQPigTAPZOevl/TyfUAzRxXhOjXoBw6GSHXmfrLdkT72cw+VuIxZ2rpG\n5VGkORd8S0PNDPndLYUb3VxKa4GucbuFd/f4YY4xhJuyZj1ANidPmSn1QkviqCjz\n47pvdvWIQpRAQZv4yhlCfcZPYYwkHOPLsmSYbUdfKZvMHx+GneJp4T6ofZ5E7pvQ\nW354Asbg8fSFbx0jbmQpI0jJIgwLy8ydMVf1HsqToM/mSwTRQBjONNGQweHIdfXQ\nZ1PJ4cmOTutRmGLgDHIikVkq8mIu+1EOWBkLAXoZrn7d9pbosHZG/5OT3rpXpQU2\nFykbSj7EkVyEJ978rAaynixaiuNbaw39osKaP4H5LcFhzyM8tF3paiR0gXKhizTB\nw57KB0YW0QrWBupRIdAd+yH2jt6iNviLfkq7fUAzZ3hb1iikVw==\n=Tlxk\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009681"
      },
      {
        "db": "VULHUB",
        "id": "VHN-188059"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9934"
      },
      {
        "db": "PACKETSTORM",
        "id": "158457"
      },
      {
        "db": "PACKETSTORM",
        "id": "158456"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9934",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94090210",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009681",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1110",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158457",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "49963",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2430",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-51497",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-188059",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9934",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158456",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-188059"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009681"
      },
      {
        "db": "PACKETSTORM",
        "id": "158457"
      },
      {
        "db": "PACKETSTORM",
        "id": "158456"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1110"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9934"
      }
    ]
  },
  "id": "VAR-202010-1252",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-188059"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-01-17T19:00:23.153000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT211288",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211288"
      },
      {
        "title": "HT211289",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211289"
      },
      {
        "title": "HT211289",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211289"
      },
      {
        "title": "HT211288",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211288"
      },
      {
        "title": "Multiple Apple product CoreFoundation Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124578"
      },
      {
        "title": "CVE-2020-9934",
        "trust": 0.1,
        "url": "https://github.com/mattshockl/cve-2020-9934 "
      },
      {
        "title": "https://github.com/V0lk3n/OSMR-CheatSheet",
        "trust": 0.1,
        "url": "https://github.com/v0lk3n/osmr-cheatsheet "
      },
      {
        "title": "CSIRT",
        "trust": 0.1,
        "url": "https://github.com/spacial/awesome-csirt "
      },
      {
        "title": "CSIRT",
        "trust": 0.1,
        "url": "https://github.com/3th1c4l-t0n1/awesome-csirt "
      },
      {
        "title": "CSIRT",
        "trust": 0.1,
        "url": "https://github.com/spacial/csirt "
      },
      {
        "title": "https://github.com/houjingyi233/macOS-iOS-system-security",
        "trust": 0.1,
        "url": "https://github.com/houjingyi233/macos-ios-system-security "
      },
      {
        "title": "https://github.com/houjingyi233/macos-ios-exploit-writeup",
        "trust": 0.1,
        "url": "https://github.com/houjingyi233/macos-ios-exploit-writeup "
      },
      {
        "title": "\u6b22\u8fce\u5173\u6ce8\u963f\u5c14\u6cd5\u5b9e\u9a8c\u5ba4\u5fae\u4fe1\u516c\u4f17\u53f7",
        "trust": 0.1,
        "url": "https://github.com/alphaseclab/sec-daily-2020 "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/soosmile/poc "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/0xt11/cve-poc "
      },
      {
        "title": "Known Exploited Vulnerabilities Detector",
        "trust": 0.1,
        "url": "https://github.com/ostorlab/kev "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/developer3000s/poc-in-github "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/hectorgie/poc-in-github "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-9934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009681"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1110"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9934"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht211288"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht211289"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9934"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9934"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94090210/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158457/apple-security-advisory-2020-07-15-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht211288"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/49963"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-32847"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211289"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2430/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9918"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9878"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9889"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9888"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14899"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9885"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9891"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9890"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9865"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/mattshockl/cve-2020-9934"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9913"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9866"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9870"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9936"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9915"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9931"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9894"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9909"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9917"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9933"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9910"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9914"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9911"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9895"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9893"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9862"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9907"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-188059"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009681"
      },
      {
        "db": "PACKETSTORM",
        "id": "158457"
      },
      {
        "db": "PACKETSTORM",
        "id": "158456"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1110"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9934"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-188059"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009681"
      },
      {
        "db": "PACKETSTORM",
        "id": "158457"
      },
      {
        "db": "PACKETSTORM",
        "id": "158456"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1110"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9934"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-188059"
      },
      {
        "date": "2020-10-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9934"
      },
      {
        "date": "2020-11-27T06:28:35",
        "db": "JVNDB",
        "id": "JVNDB-2020-009681"
      },
      {
        "date": "2020-07-17T19:23:49",
        "db": "PACKETSTORM",
        "id": "158457"
      },
      {
        "date": "2020-07-17T19:23:30",
        "db": "PACKETSTORM",
        "id": "158456"
      },
      {
        "date": "2020-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1110"
      },
      {
        "date": "2020-10-16T17:15:17.637000",
        "db": "NVD",
        "id": "CVE-2020-9934"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-188059"
      },
      {
        "date": "2023-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9934"
      },
      {
        "date": "2020-11-27T06:28:35",
        "db": "JVNDB",
        "id": "JVNDB-2020-009681"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1110"
      },
      {
        "date": "2023-01-09T16:41:59.350000",
        "db": "NVD",
        "id": "CVE-2020-9934"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1110"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009681"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1110"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-9934 (GCVE-0-2020-9934)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2020-AVI-452

Solution

CERTFR-2020-AVI-452

Solution

GHSA-X5M3-93G8-F3RH

FKIE_CVE-2020-9934

GSD-2020-9934

CNVD-2020-51497

VAR-202010-1252

Tags

Sightings

Nomenclature