Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-9801 — Apple Safari vulnerability

4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

25.6%

top 3.75%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Safari

Timeline

PublishedJun 9

Latest updateMay 24

Description

A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5apple/safariunspecified — Safari 13.1.1

▶NVDapple/safari< 13.1.1

🔴Vulnerability Details

GHSA

GHSA-96jg-rxgq-fg5c: A logic issue was addressed with improved restrictions↗2022-05-24

▶

CVEList

CVE-2020-9801: A logic issue was addressed with improved restrictions↗2020-06-09

▶

💥Exploits & PoCs

Metasploit

Safari in Operator Side Effect Exploit↗

▶