CVE-2020-9774Missing Encryption of Sensitive Data in Apple Macos

CWE-311Missing Encryption of Sensitive Data3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 64.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MacosApple MAC OS X
Timeline
PublishedOct 27
Latest updateMay 24

Description

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5apple/macosunspecified10.15
NVDapple/mac_os_x< 10.15.3

🔴Vulnerability Details

2
GHSA
GHSA-v8pr-2ghj-3cwq: An issue existed with Siri Suggestions access to encrypted data2022-05-24
CVEList
CVE-2020-9774: An issue existed with Siri Suggestions access to encrypted data2020-10-27
CVE-2020-9774 — Missing Encryption of Sensitive Data | cvebase