CVE-2020-9901

Summary

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges.

Affected Software

VendorProductVersion RangeStatus
AppleiOSunspecified < iOS 13.6 and iPadOS 13.6affected
ApplemacOSunspecified < macOS Catalina 10.15.6affected
AppletvOSunspecified < tvOS 13.4.8affected

Weaknesses

  • A local attacker may be able to elevate their privileges

ADP Enrichment

CVE Program Container

Additional References

References