CVE-2020-9885
PUBLISHED
CVSS 4.3 MEDIUM
An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group.
EPSS 0.11% · 29.0th percentile
Risk Scores
- CVSS 2.0: 4.3
- EPSS Score: 0.11% (29.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| apple | tvos | 0, 0, 0 |
| apple | ipados | 0, 0, 0 |
| Apple | Safari | |
| apple | mac_os_x | 0, 0, 0 |
| Apple | macOS | |
| apple | watchos | 0, 0, 0 |
| Apple | N/A | |
| apple | iphone_os | 0, 0, 0 |
| Red Hat | VPN | n/a |
Exploit Intelligence
- CIRCL seen: CVE-2019-14899 (circl-sighting)
- [oss-security] 20200813 Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up) (circl)
- https://support.apple.com/kb/HT211850 (circl)
- https://support.apple.com/kb/HT211289 (circl)
- 20200717 APPLE-SA-2020-07-15-3 tvOS 13.4.8 (circl)
- 20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra (circl)
- 20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899 (circl)
- https://support.apple.com/kb/HT211290 (circl)
…and 47 more exploits
Timeline
- Dec 16, 2019 PoC Published
- Oct 16, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://support.apple.com/en-us/HT211289 advisory
- https://support.apple.com/en-us/HT211288 advisory
- https://support.apple.com/en-us/HT211292 advisory
- https://support.apple.com/en-us/HT211291 advisory
- https://support.apple.com/en-us/HT211290 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899 url
- https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/ url
- https://support.apple.com/kb/HT211288 url
- https://support.apple.com/kb/HT211290 url
- https://support.apple.com/kb/HT211289 url
- 20200717 APPLE-SA-2020-07-15-3 tvOS 13.4.8 mailing-list
- 20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra mailing-list
- 20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6 mailing-list
- [oss-security] 20200813 Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up) mailing-list
- https://support.apple.com/kb/HT211850 url
- [oss-security] 20201007 Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. mailing-list
- https://support.apple.com/kb/HT211931 url
- 20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 mailing-list
- 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 mailing-list
- [oss-security] 20210704 Re: Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up) mailing-list
…and 5 more