CVE-2020-9868

CRITICAL

iPadOS < 13.6 - Improper Certificate Validation

Title source: llm

Description

A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate.

References (4)

Core 4

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/kb/HT211289

Vendor Advisory x_refsource_misc

https://support.apple.com/kb/HT211288

Vendor Advisory x_refsource_misc

https://support.apple.com/kb/HT211290

Vendor Advisory x_refsource_misc

https://support.apple.com/kb/HT211291

Scores

CVSS v3 9.1

EPSS 0.0103

EPSS Percentile 59.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-295

Status published

Products (5)

apple/ipados < 13.6

apple/iphone_os < 13.6

apple/mac_os_x < 10.15.6

apple/tvos < 13.4.8

apple/watchos < 6.2.8

Published Oct 22, 2020

Tracked Since Feb 18, 2026