CVE-2020-9782: Path Traversal

Q: What is CVE-2020-9782?

CVE-2020-9782 is a vulnerability in Apple macOS Catalina, Mojave, and High Sierra that relates to a parsing issue in the handling of directory paths.

Q: How does CVE-2020-9782 impact Apple macOS Catalina?

CVE-2020-9782 affects Apple macOS Catalina versions up to and excluding 10.15.2.

Q: What is the severity of CVE-2020-9782?

The severity of CVE-2020-9782 is not specified.

Q: How can I fix CVE-2020-9782?

To fix CVE-2020-9782, update your macOS Catalina to version 10.15.2 or newer as provided by Apple's support.

Q: Where can I find more information about CVE-2020-9782?

You can find more information about CVE-2020-9782 on Apple's support page at https://support.apple.com/en-us/HT210788.

Published Dec 10, 2019

Updated

Notes. A parsing issue in the handling of directory paths was addressed with improved path validation.

Other sources

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files.

Credit

Allison Husain(UC Berkeley)

Affected Software

4 affected componentsFixes available

apple macOS Catalina<10.15.2

10.15.2

apple Mojave

apple High Sierra

Apple iOS and macOS<10.15.2

Event History

Oct 27, 2020

CVE Published

via MITRE·08:42 PM

Data Sourced

via MITRE·08:42 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT210788

Frequently Asked Questions

What is CVE-2020-9782?

CVE-2020-9782 is a vulnerability in Apple macOS Catalina, Mojave, and High Sierra that relates to a parsing issue in the handling of directory paths.

How does CVE-2020-9782 impact Apple macOS Catalina?

CVE-2020-9782 affects Apple macOS Catalina versions up to and excluding 10.15.2.

What is the severity of CVE-2020-9782?

The severity of CVE-2020-9782 is not specified.

How can I fix CVE-2020-9782?