Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-129
Vulnerability from certfr_avis - Published: 2019-03-26 - Updated: 2019-03-26
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | Apple iOS versions antérieures à 12.2 | ||
| Apple | macOS | Apple macOS Mojave versions antérieures à 10.14.4 | ||
| Apple | macOS | Apple macOS High Sierra sans le correctif de sécurité 2019-002 | ||
| Apple | N/A | Apple iTunes pour Windows versions antérieures à 12.9.4 | ||
| Apple | N/A | Apple tvOS versions antérieures à 12.2 | ||
| Apple | macOS | Apple macOS Sierra sans le correctif de sécurité 2019-002 | ||
| Apple | N/A | Apple Xcode versions antérieures à 10.2 | ||
| Apple | N/A | Apple iCloud pour Windows versions antérieures à 7.1 | ||
| Apple | Safari | Apple Safari versions antérieures à 12.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple iOS versions ant\u00e9rieures \u00e0 12.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Mojave versions ant\u00e9rieures \u00e0 10.14.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS High Sierra sans le correctif de s\u00e9curit\u00e9 2019-002",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.9.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple tvOS versions ant\u00e9rieures \u00e0 12.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Sierra sans le correctif de s\u00e9curit\u00e9 2019-002",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Xcode versions ant\u00e9rieures \u00e0 10.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 12.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6222",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6222"
},
{
"name": "CVE-2019-8544",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8544"
},
{
"name": "CVE-2019-8566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8566"
},
{
"name": "CVE-2019-8524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8524"
},
{
"name": "CVE-2019-8518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8518"
},
{
"name": "CVE-2018-18313",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18313"
},
{
"name": "CVE-2019-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8565"
},
{
"name": "CVE-2019-6207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6207"
},
{
"name": "CVE-2019-8507",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8507"
},
{
"name": "CVE-2019-8523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8523"
},
{
"name": "CVE-2019-8536",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8536"
},
{
"name": "CVE-2019-8545",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8545"
},
{
"name": "CVE-2019-8511",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8511"
},
{
"name": "CVE-2019-8561",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8561"
},
{
"name": "CVE-2019-8550",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8550"
},
{
"name": "CVE-2019-8546",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8546"
},
{
"name": "CVE-2019-8504",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8504"
},
{
"name": "CVE-2019-7286",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7286"
},
{
"name": "CVE-2019-8522",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8522"
},
{
"name": "CVE-2019-8517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8517"
},
{
"name": "CVE-2019-8515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8515"
},
{
"name": "CVE-2019-8562",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8562"
},
{
"name": "CVE-2019-6239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6239"
},
{
"name": "CVE-2019-8540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8540"
},
{
"name": "CVE-2019-8502",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8502"
},
{
"name": "CVE-2019-8526",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8526"
},
{
"name": "CVE-2019-8529",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8529"
},
{
"name": "CVE-2019-6201",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6201"
},
{
"name": "CVE-2019-8503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8503"
},
{
"name": "CVE-2019-8549",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8549"
},
{
"name": "CVE-2018-4461",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4461"
},
{
"name": "CVE-2019-7293",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7293"
},
{
"name": "CVE-2019-8567",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8567"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2019-8563",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8563"
},
{
"name": "CVE-2019-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6237"
},
{
"name": "CVE-2019-8514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8514"
},
{
"name": "CVE-2019-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8556"
},
{
"name": "CVE-2019-8513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8513"
},
{
"name": "CVE-2019-8512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8512"
},
{
"name": "CVE-2019-8510",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8510"
},
{
"name": "CVE-2018-12015",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12015"
},
{
"name": "CVE-2019-8527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8527"
},
{
"name": "CVE-2019-8516",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8516"
},
{
"name": "CVE-2019-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8508"
},
{
"name": "CVE-2019-8533",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8533"
},
{
"name": "CVE-2019-8558",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8558"
},
{
"name": "CVE-2019-8530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8530"
},
{
"name": "CVE-2019-8553",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8553"
},
{
"name": "CVE-2019-8505",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8505"
},
{
"name": "CVE-2019-8520",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8520"
},
{
"name": "CVE-2019-8506",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8506"
},
{
"name": "CVE-2019-8542",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8542"
},
{
"name": "CVE-2019-8535",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8535"
},
{
"name": "CVE-2019-7284",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7284"
},
{
"name": "CVE-2019-8555",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8555"
},
{
"name": "CVE-2019-6236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6236"
},
{
"name": "CVE-2019-8537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8537"
},
{
"name": "CVE-2019-7292",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7292"
},
{
"name": "CVE-2019-6204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6204"
},
{
"name": "CVE-2019-8521",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8521"
},
{
"name": "CVE-2019-8519",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8519"
},
{
"name": "CVE-2019-8551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8551"
},
{
"name": "CVE-2019-8541",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8541"
},
{
"name": "CVE-2019-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6232"
},
{
"name": "CVE-2019-8559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8559"
},
{
"name": "CVE-2019-8552",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8552"
},
{
"name": "CVE-2019-7285",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7285"
},
{
"name": "CVE-2019-8554",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8554"
}
],
"initial_release_date": "2019-03-26T00:00:00",
"last_revision_date": "2019-03-26T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-129",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209599 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209599"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209601 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209604 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209605 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209605"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209603 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209603"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209600 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209606 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209606"
}
]
}
CVE-2019-8505 (GCVE-0-2019-8505)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:17
VLAI
EPSS
Summary
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.
Severity
No CVSS data available.
CWE
- Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209603 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:16.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209603"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 12.1"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209603",
"refsource": "MISC",
"url": "https://support.apple.com/HT209603"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8505",
"datePublished": "2019-12-18T17:33:16.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8506 (GCVE-0-2019-8506)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2025-10-21 23:35
VLAI
EPSS
Summary
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
8.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209601 | x_refsource_MISC |
| https://support.apple.com/HT209603 | x_refsource_MISC |
| https://support.apple.com/HT209604 | x_refsource_MISC |
| https://support.apple.com/HT209605 | x_refsource_MISC |
| https://support.apple.com/HT209602 | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 12.2
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < tvOS 12.2
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < watchOS 5.2
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < Safari 12.1
(custom)
|
|
| Apple | iTunes for Windows |
Affected:
unspecified , < iTunes 12.9.4 for Windows
(custom)
|
|
| Apple | iCloud for Windows |
Affected:
unspecified , < iCloud for Windows 7.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209605"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209602"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-8506",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:41:25.943878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-05-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8506"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:55.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8506"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-05-04T00:00:00.000Z",
"value": "CVE-2019-8506 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.9.4 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:16.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209605"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 12.1"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.9.4 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.11"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209601",
"refsource": "MISC",
"url": "https://support.apple.com/HT209601"
},
{
"name": "https://support.apple.com/HT209603",
"refsource": "MISC",
"url": "https://support.apple.com/HT209603"
},
{
"name": "https://support.apple.com/HT209604",
"refsource": "MISC",
"url": "https://support.apple.com/HT209604"
},
{
"name": "https://support.apple.com/HT209605",
"refsource": "MISC",
"url": "https://support.apple.com/HT209605"
},
{
"name": "https://support.apple.com/HT209602",
"refsource": "MISC",
"url": "https://support.apple.com/HT209602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8506",
"datePublished": "2019-12-18T17:33:16.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:55.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8507 (GCVE-0-2019-8507)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:17
VLAI
EPSS
Summary
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination.
Severity
No CVSS data available.
CWE
- Processing malicious data may lead to unexpected application termination
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.apple.com/HT209600 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing malicious data may lead to unexpected application termination",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:16.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing malicious data may lead to unexpected application termination"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8507",
"datePublished": "2019-12-18T17:33:16.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8508 (GCVE-0-2019-8508)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:17
VLAI
EPSS
Summary
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.
Severity
No CVSS data available.
CWE
- Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.apple.com/HT209600 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:16.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8508",
"datePublished": "2019-12-18T17:33:16.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8510 (GCVE-0-2019-8510)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:17
VLAI
EPSS
Summary
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
Severity
No CVSS data available.
CWE
- A malicious application may be able to determine kernel memory layout
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209601 | x_refsource_MISC |
| https://support.apple.com/HT209600 | x_refsource_MISC |
| https://support.apple.com/HT209602 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to determine kernel memory layout",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:16.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to determine kernel memory layout"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209601",
"refsource": "MISC",
"url": "https://support.apple.com/HT209601"
},
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
},
{
"name": "https://support.apple.com/HT209602",
"refsource": "MISC",
"url": "https://support.apple.com/HT209602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8510",
"datePublished": "2019-12-18T17:33:16.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8511 (GCVE-0-2019-8511)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:17
VLAI
EPSS
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges.
Severity
No CVSS data available.
CWE
- A malicious application may be able to elevate privileges
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209600 | x_refsource_MISC |
| https://support.apple.com/HT209602 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to elevate privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:16.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to elevate privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
},
{
"name": "https://support.apple.com/HT209602",
"refsource": "MISC",
"url": "https://support.apple.com/HT209602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8511",
"datePublished": "2019-12-18T17:33:16.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8512 (GCVE-0-2019-8512)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:17
VLAI
EPSS
Summary
This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure.
Severity
No CVSS data available.
CWE
- A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:16.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8512",
"datePublished": "2019-12-18T17:33:16.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8513 (GCVE-0-2019-8513)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:17
VLAI
EPSS
Summary
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.
Severity
No CVSS data available.
CWE
- A local user may be able to execute arbitrary shell commands
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.apple.com/HT209600 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local user may be able to execute arbitrary shell commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:16.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to execute arbitrary shell commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8513",
"datePublished": "2019-12-18T17:33:16.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8514 (GCVE-0-2019-8514)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:17
VLAI
EPSS
Summary
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.
Severity
No CVSS data available.
CWE
- An application may be able to gain elevated privileges
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209601 | x_refsource_MISC |
| https://support.apple.com/HT209600 | x_refsource_MISC |
| https://support.apple.com/HT209602 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to gain elevated privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:16.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to gain elevated privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209601",
"refsource": "MISC",
"url": "https://support.apple.com/HT209601"
},
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
},
{
"name": "https://support.apple.com/HT209602",
"refsource": "MISC",
"url": "https://support.apple.com/HT209602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8514",
"datePublished": "2019-12-18T17:33:16.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8515 (GCVE-0-2019-8515)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:17
VLAI
EPSS
Summary
A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information.
Severity
No CVSS data available.
CWE
- Processing maliciously crafted web content may disclose sensitive user information
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209601 | x_refsource_MISC |
| https://support.apple.com/HT209603 | x_refsource_MISC |
| https://support.apple.com/HT209604 | x_refsource_MISC |
| https://support.apple.com/HT209605 | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 12.2
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < tvOS 12.2
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < Safari 12.1
(custom)
|
|
| Apple | iTunes for Windows |
Affected:
unspecified , < iTunes 12.9.4 for Windows
(custom)
|
|
| Apple | iCloud for Windows |
Affected:
unspecified , < iCloud for Windows 7.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.9.4 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may disclose sensitive user information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:16.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.2"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 12.1"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.9.4 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.11"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may disclose sensitive user information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209601",
"refsource": "MISC",
"url": "https://support.apple.com/HT209601"
},
{
"name": "https://support.apple.com/HT209603",
"refsource": "MISC",
"url": "https://support.apple.com/HT209603"
},
{
"name": "https://support.apple.com/HT209604",
"refsource": "MISC",
"url": "https://support.apple.com/HT209604"
},
{
"name": "https://support.apple.com/HT209605",
"refsource": "MISC",
"url": "https://support.apple.com/HT209605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8515",
"datePublished": "2019-12-18T17:33:16.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…