CVE-2020-9817: Critical severity macos catalina vulnerability

Q: What is CVE-2020-9817?

CVE-2020-9817 is a vulnerability in PackageKit that involves a permissions issue.

Q: Which versions of macOS are affected by CVE-2020-9817?

macOS Catalina 10.15.5, Mojave, and High Sierra are affected.

Q: How was CVE-2020-9817 addressed?

The vulnerability was addressed with improved permission validation.

Q: Is there a remedy for macOS Catalina 10.15.5?

Yes, macOS Catalina 10.15.5 has a specific remedy for this vulnerability.

Q: Where can I find more information about CVE-2020-9817?

You can find more information about CVE-2020-9817 at the following reference: [Apple Support](https://support.apple.com/en-us/HT211170)

Published May 26, 2020

Updated

PackageKit. A permissions issue existed. This issue was addressed with improved permission validation.

Other sources

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.

Credit

Andy Grant(NCC Group)

Affected Software

27 affected componentsFixes available

apple macOS Catalina<10.15.5

10.15.5

apple Mojave

apple High Sierra

Apple iOS and macOS>=10.13<10.13.6

Apple iOS and macOS>=10.14<10.14.6

Apple iOS and macOS>=10.15<10.15.5

Apple iOS and macOS=10.13.6

Apple iOS and macOS=10.13.6-security_update_2018-002

Apple iOS and macOS=10.13.6-security_update_2018-003

Apple iOS and macOS=10.13.6-security_update_2019-001

Apple iOS and macOS=10.13.6-security_update_2019-002

Apple iOS and macOS=10.13.6-security_update_2019-003

Apple iOS and macOS=10.13.6-security_update_2019-004

Apple iOS and macOS=10.13.6-security_update_2019-005

Apple iOS and macOS=10.13.6-security_update_2019-006

Apple iOS and macOS=10.13.6-security_update_2019-007

Apple iOS and macOS=10.13.6-security_update_2020-001

Apple iOS and macOS=10.13.6-security_update_2020-002

Apple iOS and macOS=10.14.6

Apple iOS and macOS=10.14.6-security_update_2019-001

Apple iOS and macOS=10.14.6-security_update_2019-002

Apple iOS and macOS=10.14.6-security_update_2019-004

Apple iOS and macOS=10.14.6-security_update_2019-005

Apple iOS and macOS=10.14.6-security_update_2019-006

Apple iOS and macOS=10.14.6-security_update_2019-007

Apple iOS and macOS=10.14.6-security_update_2020-001

Apple iOS and macOS=10.14.6-security_update_2020-002

Event History

Jun 9, 2020

CVE Published

via MITRE·04:11 PM

Data Sourced

via MITRE·04:11 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT211170

Frequently Asked Questions

What is CVE-2020-9817?

CVE-2020-9817 is a vulnerability in PackageKit that involves a permissions issue.

Which versions of macOS are affected by CVE-2020-9817?

macOS Catalina 10.15.5, Mojave, and High Sierra are affected.

How was CVE-2020-9817 addressed?

The vulnerability was addressed with improved permission validation.

Is there a remedy for macOS Catalina 10.15.5?