CVE-2020-9857: Input Validation
NSURL. An issue existed in the parsing of URLs. This issue was addressed with improved input validation.
Other sources
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari.
Credit
Affected Software
Event History
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2020-9827
- CVE-2020-9772
- CVE-2020-9826
- CVE-2020-9842
- CVE-2020-9804
- CVE-2020-9815
- CVE-2020-9791
- CVE-2020-9831
- CVE-2020-9779
- CVE-2020-3882
- CVE-2020-9828
- CVE-2020-9856
- CVE-2020-9847
- CVE-2020-9855
- CVE-2020-9816
- CVE-2020-3878
- CVE-2020-9789
- CVE-2020-9790
- CVE-2020-9822
- CVE-2020-9796
- CVE-2020-9837
- CVE-2020-9821
- CVE-2020-9797
- CVE-2020-9852
- CVE-2020-9795
- CVE-2020-9808
- CVE-2020-9811
- CVE-2020-9812
- CVE-2020-9813
- CVE-2020-9814
- CVE-2020-9809
- CVE-2019-14868
- CVE-2020-9994
- CVE-2020-9857
- CVE-2020-9817
- CVE-2020-9851
- CVE-2020-9793
- CVE-2014-9512
- CVE-2020-9825
- CVE-2020-9771
- CVE-2020-9788
- CVE-2020-9854
- CVE-2020-9824
- CVE-2020-9810
- CVE-2020-9794
- CVE-2020-9839
- CVE-2020-9792
- CVE-2020-9844
- CVE-2020-9830
- CVE-2020-9834
- CVE-2020-9833
- CVE-2020-9832
- CVE-2020-9841
- CVE-2019-20044
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID is CVE-2020-9857.
What is the affected software?
The affected software includes macOS Catalina (version up to but excluding 10.15.5), Mojave, and High Sierra.
What is the severity of CVE-2020-9857?
The severity of CVE-2020-9857 has not been specified.
How can I fix CVE-2020-9857?
To fix CVE-2020-9857, update to macOS Catalina version 10.15.5 or later.
Where can I find more information about CVE-2020-9857?
You can find more information about CVE-2020-9857 on the Apple support website.