⚠ Actively exploited

Added to CISA KEV on 2022-09-08. Federal agencies required to patch by 2022-09-29. Required action: Apply updates per vendor instructions..

CVE-2020-9934 — Apple Macos vulnerability

8 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

2.4%

top 14.80%

CISA KEV

KEV

Added 2022-09-08

Due 2022-09-29

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apple IOS Apple Macos Apple Ipados +2 more

Timeline

PublishedOct 16

KEV addedSep 8

KEV dueSep 29

Latest updateJul 28

CISA Required Action: Apply updates per vendor instructions.

Description

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5apple/macosunspecified — macOS Catalina 10.15.6

▶NVDapple/ipados< 13.6

▶NVDapple/mac_os_x< 10.15.6

▶CVEListV5apple/iosunspecified — iOS 13.6 and iPadOS 13.6

▶NVDapple/iphone_os< 13.6

🔴Vulnerability Details

GHSA

GHSA-x5m3-93g8-f3rh: An issue existed in the handling of environment variables↗2022-05-24

▶

CVEList

CVE-2020-9934: An issue existed in the handling of environment variables↗2020-10-16

▶

VulnCheck

Apple iOS, iPadOS, and macOS Input Validation Vulnerability↗2020

▶

📋Vendor Advisories

CISA

Apple iOS, iPadOS, and macOS Input Validation Vulnerability↗2022-09-08

▶

Apple

CVE-2020-9934: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra↗2020-07-15

▶

Apple

CVE-2020-9934: iOS 13.6 and iPadOS 13.6↗2020-07-15

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data↗2025-07-28

▶