CVE-2020-9934
published 2020-10-16CVE-2020-9934: An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-09-29
Exploited in the wild
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | >= unspecified < iOS 13.6 and iPadOS 13.6 | iOS 13.6 and iPadOS 13.6 |
| apple | ios_13.6_and_ipados | — | — |
| apple | ipados | < 13.6 | 13.6 |
| apple | iphone_os | < 13.6 | 13.6 |
| apple | mac_os_x | < 10.15.6 | 10.15.6 |
| apple | macos | >= unspecified < macOS Catalina 10.15.6 | macOS Catalina 10.15.6 |
| apple | macos_catalina_10.15.6_security_update_2020-004_mojave_security_update_2020-004 | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vulncheck5.5MEDIUM
cisa5.5MEDIUM