CVE-2020-9849: SQL Injection
First published: Wed Sep 16 2020(Updated: )
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.
Credit: CVE-2020-9849 CVE-2020-9849 CVE-2020-9849 CVE-2020-9849 CVE-2020-9849 CVE-2020-9849 product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iCloud for Windows | <11.5 | 11.5 |
| Apple iTunes for Windows | <12.10.9 | 12.10.9 |
| Apple macOS Big Sur | <11.0.1 | 11.0.1 |
| Apple watchOS | <7.0 | 7.0 |
| Apple tvOS | <14.0 | 14.0 |
| Apple iOS | <14.0 | 14.0 |
| Apple iPadOS | <14.0 | 14.0 |
| Apple Icloud Windows | <11.5 | |
| Apple Itunes Windows | >=12.0.0<12.10.9 | |
| Apple iPadOS | <14.0 | |
| Apple macOS | <11.0.1 | |
| Apple tvOS | <14.0 | |
| Apple watchOS | <7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211935 (Advisory)
- https://support.apple.com/en-us/HT211952 (Advisory)
- https://support.apple.com/en-us/HT211931 (Advisory)
- https://support.apple.com/en-us/HT211844 (Advisory)
- https://support.apple.com/en-us/HT211843 (Advisory)
- https://support.apple.com/en-us/HT211850 (Advisory)
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9999
- CVE-2020-10002
- CVE-2020-9961
- CVE-2020-27912
- CVE-2020-9876
- CVE-2020-27917
- CVE-2020-27911
- CVE-2020-9981
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-13630
- CVE-2020-9849
- CVE-2020-13631
- CVE-2020-9951
- CVE-2020-27918
- CVE-2020-9983
- CVE-2020-9947
- CVE-2020-36521
- CVE-2020-27914
- CVE-2020-27915
- CVE-2020-27903
- CVE-2020-27910
- CVE-2020-27916
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-27906
- CVE-2020-27945
- CVE-2020-27908
- CVE-2020-27909
- CVE-2020-9960
- CVE-2020-10017
- CVE-2020-9949
- CVE-2020-9897
- CVE-2020-9883
- CVE-2020-10003
- CVE-2020-27922
- CVE-2020-27937
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-27894
- CVE-2020-36615
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29629
- CVE-2020-27942
- CVE-2020-9962
- CVE-2020-27952
- CVE-2020-9956
- CVE-2020-27931
- CVE-2020-27930
- CVE-2020-27927
- CVE-2020-29639
- CVE-2020-9978
- CVE-2020-9955
- CVE-2020-27924
- CVE-2020-27923
- CVE-2020-10015
- CVE-2020-27897
- CVE-2020-27907
- CVE-2020-27919
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-27921
- CVE-2020-27904
- CVE-2019-14899
- CVE-2020-27950
- CVE-2020-9974
- CVE-2020-10016
- CVE-2020-27932
- CVE-2020-27920
- CVE-2020-9971
- CVE-2020-10014
- CVE-2020-10010
- CVE-2020-9941
- CVE-2020-9988
- CVE-2020-9989
- CVE-2020-10011
- CVE-2020-13524
- CVE-2020-10004
- CVE-2020-9996
- CVE-2020-27901
- CVE-2020-27900
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-10007
- CVE-2020-27896
- CVE-2020-9963
- CVE-2020-10012
- CVE-2020-10663
- CVE-2020-9945
- CVE-2020-9977
- CVE-2020-9942
- CVE-2020-9987
- CVE-2021-1803
- CVE-2020-9969
- CVE-2020-27893
- CVE-2021-1755
- CVE-2020-10005
- CVE-2020-9991
- CVE-2020-15358
- CVE-2020-27899
- CVE-2020-10009
- CVE-2020-10008
- CVE-2020-9950
- CVE-2020-27898
- CVE-2020-27935
- CVE-2020-10006
- CVE-2020-9954
- CVE-2020-9976
- CVE-2020-9946
- CVE-2020-9993
- CVE-2020-9968
- CVE-2020-9952
- CVE-2020-9979
- CVE-2020-10013
- CVE-2020-9958
- CVE-2020-9773
- CVE-2020-9992
- CVE-2020-9964
- CVE-2020-13520
- CVE-2020-6147
- CVE-2020-9972
- CVE-2020-9973
- CVE-2020-9959
Frequently Asked Questions
What is the vulnerability ID for the information disclosure issue in SQLite?
The vulnerability ID is CVE-2020-9849.
Who addressed the information disclosure issue in SQLite?
The issue was addressed by SQLite.
What is the severity of the information disclosure issue in SQLite?
The severity of the issue is not specified.
Which software versions are affected by the information disclosure issue in SQLite?
The affected software versions include macOS Big Sur 11.0.1, tvOS 14.0, iOS 14.0, iPadOS 14.0, watchOS 7.0, iCloud for Windows 11.5, and iTunes for Windows 12.10.9.
How can I fix the information disclosure issue in SQLite?
To fix the issue, update to the recommended versions provided by Apple for the affected software.
- collector/apple-support
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple icloud for windows
- canonical/apple itunes for windows
- canonical/apple macos big sur
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- canonical/apple ipados
- canonical/apple icloud windows
- canonical/apple itunes windows
- version/apple itunes windows/12.0.0
- canonical/apple macos