CVE-2020-9868

Summary

A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate.

Affected Software

VendorProductVersion RangeStatus
AppleiOSunspecified < iOS 13.6 and iPadOS 13.6affected
ApplemacOSunspecified < macOS Catalina 10.15.6affected
AppletvOSunspecified < tvOS 13.4.8affected
ApplewatchOSunspecified < watchOS 6.2.8affected

Weaknesses

  • An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate

ADP Enrichment

CVE Program Container

Additional References

References