Vulnerability Details : CVE-2020-9934
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
CVE-2020-9934 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Apple iOS, iPadOS, and macOS Input Validation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.
Notes:
https://support.apple.com/en-us/HT211288, https://support.apple.com/en-us/HT211289
Added on
2022-09-08
Action due date
2022-09-29
Exploit prediction scoring system (EPSS) score for CVE-2020-9934
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less