|Number of vulnerabilities||1|
|CVE ID|| CVE-2020-9992
|CWE ID|| CWE-311
|Exploitation vector||Local network|
|Public exploit||Public exploit code for vulnerability #1 is available.|
Universal components / Libraries / Software for developers
This security advisory describes one medium risk vulnerability.
Exploit availability: Yes [Search exploit]Description
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to missing encryption on communication during a debug session over the network. A remote attacker with access to the same network as the device can inject and execute arbitrary code on the system.
Install updates from vendor's website.Vulnerable software versions
Apple Xcode: 11.0, 11.2, 11.2.1, 11.3, 11.4, 11.5, 11.6, 11.7CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.