CVE-2020-9862

EPSS 1.7%

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 1.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

16 out 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.

Produtos afetados

Apple · iCloud for Windows Apple · iCloud for Windows (Legacy)Apple · iOS Apple · iTunes for Windows Apple · Safari Apple · tvOS Apple · watchOS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://support.apple.com/HT211288 https://support.apple.com/HT211290 https://support.apple.com/HT211291 https://support.apple.com/HT211292 https://support.apple.com/HT211293 https://support.apple.com/HT211294 https://support.apple.com/HT211295