CVE-2020-9848 : Security Advisory and Response
Learn about CVE-2020-9848, an iOS and iPadOS 13.5 vulnerability allowing unauthorized viewing of lockscreen notifications. Find mitigation steps and long-term security practices.
An authorization issue in iOS and iPadOS 13.5 allowed viewing notification contents from the lockscreen.
Understanding CVE-2020-9848
An overview of the security vulnerability in iOS and iPadOS 13.5.
What is CVE-2020-9848?
This CVE addresses an authorization issue in iOS and iPadOS 13.5 that could potentially allow a person with physical access to an iOS device to view notification contents from the lockscreen.
The Impact of CVE-2020-9848
The vulnerability could lead to unauthorized access to sensitive information displayed in notifications on the lockscreen of affected devices.
Technical Details of CVE-2020-9848
Insight into the technical aspects of the CVE.
Vulnerability Description
- An authorization issue was fixed with improved state management in iOS 13.5 and iPadOS 13.5.
Affected Systems and Versions
- Product: iOS
- Vendor: Apple
- Versions Affected: iOS 13.5 and iPadOS 13.5
Exploitation Mechanism
- A person with physical access to the device could exploit the vulnerability to view notification contents from the lockscreen.
Mitigation and Prevention
Measures to address and prevent the CVE.
Immediate Steps to Take
- Update affected devices to iOS 13.5 or iPadOS 13.5 to mitigate the vulnerability.
- Avoid leaving devices unattended to prevent unauthorized physical access.
Long-Term Security Practices
- Enable additional security features like Face ID or Touch ID for lockscreen protection.
- Regularly check for and install security updates to stay protected.
Patching and Updates
- Apple released fixes in iOS 13.5 and iPadOS 13.5 to address this vulnerability.