CVE-2020-9933 — Incorrect Authorization in Apple Tvos

CWE-863 — Incorrect Authorization6 documents4 sources

Severity

3.3LOWNVD

EPSS

0.2%

top 55.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Tvos Apple Watchos +2 more

Timeline

PublishedOct 16

Latest updateMay 24

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages7 packages

▶CVEListV5apple/tvosunspecified — tvOS 13.4.8

▶NVDapple/tvos< 13.4.8

▶NVDapple/ipados< 13.6

▶CVEListV5apple/watchosunspecified — watchOS 6.2.8

▶NVDapple/watchos< 6.2.8

🔴Vulnerability Details

GHSA

GHSA-76mp-7869-8fcw: An authorization issue was addressed with improved state management↗2022-05-24

▶

CVEList

CVE-2020-9933: An authorization issue was addressed with improved state management↗2020-10-16

▶

📋Vendor Advisories

Apple

CVE-2020-9933: tvOS 13.4.8↗2020-07-15

▶

Apple

CVE-2020-9933: iOS 13.6 and iPadOS 13.6↗2020-07-15

▶

Apple

CVE-2020-9933: watchOS 6.2.8↗2020-07-15

▶