CVE-2020-9934

Published: Oct 16, 2020Modified: Oct 23, 2025CISA KEV

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.

Affected (3)

Products: Apple: Ipados, Iphone Os, Mac Os X

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 13.6
Apple Iphone Os	Before 13.6
Apple Mac Os X	Before 10.15.6

References (5)

https://support.apple.com/HT211288

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/HT211289

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/HT211288

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/HT211289

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.