CVE-2020-9934

Confirmed PUBLISHED

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and...

Apple · iOS, macOS
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
5.5 Medium

At a Glance

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.

cisa nessus_scanner ios macos
CVE Published
Oct 16, 2020
Exploitation Reported
Sep 08, 2022
CVSS
5.5 Medium
EPSS
Low complexity No user interaction

Affected Versions

Vendor Product Version Status
Apple
iOS

unspecified to < iOS 13.6 and iPadOS 13.6

Affected
Apple
macOS

unspecified to < macOS Catalina 10.15.6

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.