CVE-2020-9934

CVE Database · CVE-2020-9934

CVE-2020-9934

· MEDIUMAnalyzed

CVSS v3.1

5.5

EPSS

3.21%

Published

Oct 16, 2020

Modified

Oct 23, 2025

CISA Known Exploited Vulnerability

Added: 2022-09-08 · Due: 2022-09-29

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

TrickestTrickest PoC index GitHub PoCmattshockl/CVE-2020-9934★24

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products (3)

apple · ipados (up to 13.6)vulnerable

apple · iphone_os (up to 13.6)vulnerable

apple · mac_os_x (up to 10.15.6)vulnerable

References (5)

https://support.apple.com/HT211288

Release NotesVendor Advisory

https://support.apple.com/HT211289

Release NotesVendor Advisory

https://support.apple.com/HT211288

Release NotesVendor Advisory

https://support.apple.com/HT211289

Release NotesVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs