CVE-2020-9775
MEDIUMiPadOS < 13.4 - Unprotected User Data Exposure via Picture-in-Picture State Handling
Title source: llmDescription
An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211100
Vendor Advisory x_refsource_misc
https://support.apple.com/HT211102
Scores
CVSS v3
5.3
EPSS
0.0086
EPSS Percentile
53.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-665
Status
published
Products (3)
apple/ipados
< 13.4
apple/iphone_os
< 13.4
apple/mac_os_x
10.15 - 10.15.4
Published
Apr 01, 2020
Tracked Since
Feb 18, 2026