CVE-2020-9839

EPSS 3.7%

Vexday Risk Score

18Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 3.7%KEV nãoPoC —Nuclei —Metasploit simPatch —

Lifecycle

18 Mar 2020Metasploit module available

09 Jun 2020Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.

Affected products

Apple · iOS Apple · macOS Apple · tvOS Apple · watchOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.apple.com/HT211168 https://support.apple.com/HT211170 https://support.apple.com/HT211171 https://support.apple.com/HT211175