CVE-2020-9934
In short
iOS, iPadOS, and macOS didn't properly validate environment variables, allowing local users to access sensitive information they shouldn't see. This was fixed by improving how the system checks and handles these variables.
Technical detail
The vulnerability exists in environment variable handling where insufficient validation allows local attackers to read sensitive user data. The attack requires local access and is mitigated by enhanced input validation implemented in the patched versions (iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6).
Summary generated and translated by AI from the official description.
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Public PoCs found: 1
GitHub: github.com/mattshockl/CVE-2020-9934 (★ 24)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.