Published: 16/10/2020 Updated: 09/01/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x
apple iphone os
apple ipados

Full Disclosure mailing list archives   By Date By Thread </form>    APPLE-SA-2020-07-15-2 macOS Catalina 10156, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra <! ...

CVE-2020–9934 POC

CVE-2020-9934 This Proof of Concept is a simple Swift program that will give itself and Terminal every kTCCService entitlement (pulled from tccd) and then do four things: Create a file named "<<<<BYPASS>>>>" in the TCC-protected directory Read the data from said file from within the TCC-protected directory List

NVD-CWE-noinfo https://support.apple.com/HT211288 https://support.apple.com/HT211289 https://nvd.nist.gov https://github.com/mattshockl/CVE-2020-9934 http://seclists.org/fulldisclosure/2020/Jul/24

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-9934

Vulnerability Summary

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect