First published: Wed Jul 15 2020
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.
Credit: Cees Elzinga Zhongcheng Li (CK01) Zero product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS Catalina | <10.15.6 | 10.15.6 |
Apple Mojave | | |
Apple High Sierra | | |
Apple iPadOS | <13.6 | |
Apple iPhone OS | <13.6 | |
Apple Mac OS X | <10.15.6 | |
Apple tvOS | <13.4.8 | |
Apple watchOS | <6.2.8 | |
Apple tvOS | <13.4.8 | 13.4.8 |
Apple iOS | <13.6 | 13.6 |
Apple iPadOS | <13.6 | 13.6 |
Apple watchOS | <6.2.8 | 6.2.8 |
The vulnerability ID of this issue is CVE-2020-9900.
The affected software includes macOS Catalina (versions before 10.15.6), Mojave, High Sierra, iOS (versions before 13.6), iPadOS (versions before 13.6), watchOS (versions before 6.2.8), and tvOS (versions before 13.4.8).
The severity of CVE-2020-9900 is not specified in the provided information.
CVE-2020-9900 was addressed with improved path sanitization.
Additional information about this vulnerability can be found at the following references: [link1](https://support.apple.com/en-us/HT211289), [link2](https://support.apple.com/en-us/HT211288), [link3](https://support.apple.com/en-us/HT211291).