First published: Wed Jul 15 2020(Updated: )
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.
Credit: Cees Elzinga Zhongcheng Li (CK01) Zero product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
tvOS | <13.4.8 | 13.4.8 |
macOS Catalina | <10.15.6 | 10.15.6 |
macOS Mojave | ||
macOS High Sierra | ||
Apple iOS, iPadOS, and watchOS | <6.2.8 | 6.2.8 |
Apple iOS and iPadOS | <13.6 | 13.6 |
Apple iOS, iPadOS, and macOS | <13.6 | 13.6 |
Apple iOS, iPadOS, and macOS | <13.6 | |
iPhone OS | <13.6 | |
Apple iOS and macOS | <10.15.6 | |
tvOS | <13.4.8 | |
Apple iOS, iPadOS, and watchOS | <6.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID of this issue is CVE-2020-9900.
The affected software includes macOS Catalina (up to version 10.15.6), Mojave, High Sierra, iOS (up to version 13.6), iPadOS (up to version 13.6), watchOS (up to version 6.2.8), and tvOS (up to version 13.4.8).
The severity of CVE-2020-9900 is not specified in the provided information.
CVE-2020-9900 was addressed with improved path sanitization.
Additional information about this vulnerability can be found at the following references: [link1](https://support.apple.com/en-us/HT211289), [link2](https://support.apple.com/en-us/HT211288), [link3](https://support.apple.com/en-us/HT211291).