Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-129
Vulnerability from certfr_avis - Published: 2019-03-26 - Updated: 2019-03-26
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | Apple iOS versions antérieures à 12.2 | ||
| Apple | macOS | Apple macOS Mojave versions antérieures à 10.14.4 | ||
| Apple | macOS | Apple macOS High Sierra sans le correctif de sécurité 2019-002 | ||
| Apple | N/A | Apple iTunes pour Windows versions antérieures à 12.9.4 | ||
| Apple | N/A | Apple tvOS versions antérieures à 12.2 | ||
| Apple | macOS | Apple macOS Sierra sans le correctif de sécurité 2019-002 | ||
| Apple | N/A | Apple Xcode versions antérieures à 10.2 | ||
| Apple | N/A | Apple iCloud pour Windows versions antérieures à 7.1 | ||
| Apple | Safari | Apple Safari versions antérieures à 12.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple iOS versions ant\u00e9rieures \u00e0 12.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Mojave versions ant\u00e9rieures \u00e0 10.14.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS High Sierra sans le correctif de s\u00e9curit\u00e9 2019-002",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.9.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple tvOS versions ant\u00e9rieures \u00e0 12.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Sierra sans le correctif de s\u00e9curit\u00e9 2019-002",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Xcode versions ant\u00e9rieures \u00e0 10.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 12.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6222",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6222"
},
{
"name": "CVE-2019-8544",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8544"
},
{
"name": "CVE-2019-8566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8566"
},
{
"name": "CVE-2019-8524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8524"
},
{
"name": "CVE-2019-8518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8518"
},
{
"name": "CVE-2018-18313",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18313"
},
{
"name": "CVE-2019-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8565"
},
{
"name": "CVE-2019-6207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6207"
},
{
"name": "CVE-2019-8507",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8507"
},
{
"name": "CVE-2019-8523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8523"
},
{
"name": "CVE-2019-8536",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8536"
},
{
"name": "CVE-2019-8545",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8545"
},
{
"name": "CVE-2019-8511",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8511"
},
{
"name": "CVE-2019-8561",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8561"
},
{
"name": "CVE-2019-8550",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8550"
},
{
"name": "CVE-2019-8546",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8546"
},
{
"name": "CVE-2019-8504",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8504"
},
{
"name": "CVE-2019-7286",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7286"
},
{
"name": "CVE-2019-8522",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8522"
},
{
"name": "CVE-2019-8517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8517"
},
{
"name": "CVE-2019-8515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8515"
},
{
"name": "CVE-2019-8562",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8562"
},
{
"name": "CVE-2019-6239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6239"
},
{
"name": "CVE-2019-8540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8540"
},
{
"name": "CVE-2019-8502",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8502"
},
{
"name": "CVE-2019-8526",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8526"
},
{
"name": "CVE-2019-8529",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8529"
},
{
"name": "CVE-2019-6201",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6201"
},
{
"name": "CVE-2019-8503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8503"
},
{
"name": "CVE-2019-8549",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8549"
},
{
"name": "CVE-2018-4461",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4461"
},
{
"name": "CVE-2019-7293",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7293"
},
{
"name": "CVE-2019-8567",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8567"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2019-8563",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8563"
},
{
"name": "CVE-2019-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6237"
},
{
"name": "CVE-2019-8514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8514"
},
{
"name": "CVE-2019-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8556"
},
{
"name": "CVE-2019-8513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8513"
},
{
"name": "CVE-2019-8512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8512"
},
{
"name": "CVE-2019-8510",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8510"
},
{
"name": "CVE-2018-12015",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12015"
},
{
"name": "CVE-2019-8527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8527"
},
{
"name": "CVE-2019-8516",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8516"
},
{
"name": "CVE-2019-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8508"
},
{
"name": "CVE-2019-8533",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8533"
},
{
"name": "CVE-2019-8558",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8558"
},
{
"name": "CVE-2019-8530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8530"
},
{
"name": "CVE-2019-8553",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8553"
},
{
"name": "CVE-2019-8505",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8505"
},
{
"name": "CVE-2019-8520",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8520"
},
{
"name": "CVE-2019-8506",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8506"
},
{
"name": "CVE-2019-8542",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8542"
},
{
"name": "CVE-2019-8535",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8535"
},
{
"name": "CVE-2019-7284",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7284"
},
{
"name": "CVE-2019-8555",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8555"
},
{
"name": "CVE-2019-6236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6236"
},
{
"name": "CVE-2019-8537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8537"
},
{
"name": "CVE-2019-7292",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7292"
},
{
"name": "CVE-2019-6204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6204"
},
{
"name": "CVE-2019-8521",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8521"
},
{
"name": "CVE-2019-8519",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8519"
},
{
"name": "CVE-2019-8551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8551"
},
{
"name": "CVE-2019-8541",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8541"
},
{
"name": "CVE-2019-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6232"
},
{
"name": "CVE-2019-8559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8559"
},
{
"name": "CVE-2019-8552",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8552"
},
{
"name": "CVE-2019-7285",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7285"
},
{
"name": "CVE-2019-8554",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8554"
}
],
"initial_release_date": "2019-03-26T00:00:00",
"last_revision_date": "2019-03-26T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-129",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209599 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209599"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209601 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209604 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209605 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209605"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209603 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209603"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209600 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209606 du 25 mars 2019",
"url": "https://support.apple.com/en-us/HT209606"
}
]
}
CVE-2019-8544 (GCVE-0-2019-8544)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
No CVSS data available.
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209601 | x_refsource_MISC |
| https://support.apple.com/HT209603 | x_refsource_MISC |
| https://support.apple.com/HT209604 | x_refsource_MISC |
| https://support.apple.com/HT209605 | x_refsource_MISC |
| https://support.apple.com/HT209602 | x_refsource_MISC |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 12.2
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < tvOS 12.2
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < watchOS 5.2
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < Safari 12.1
(custom)
|
|
| Apple | iTunes for Windows |
Affected:
unspecified , < iTunes 12.9.4 for Windows
(custom)
|
|
| Apple | iCloud for Windows |
Affected:
unspecified , < iCloud for Windows 7.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:27.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209605"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.9.4 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:17.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209605"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 12.1"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.9.4 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.11"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209601",
"refsource": "MISC",
"url": "https://support.apple.com/HT209601"
},
{
"name": "https://support.apple.com/HT209603",
"refsource": "MISC",
"url": "https://support.apple.com/HT209603"
},
{
"name": "https://support.apple.com/HT209604",
"refsource": "MISC",
"url": "https://support.apple.com/HT209604"
},
{
"name": "https://support.apple.com/HT209605",
"refsource": "MISC",
"url": "https://support.apple.com/HT209605"
},
{
"name": "https://support.apple.com/HT209602",
"refsource": "MISC",
"url": "https://support.apple.com/HT209602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8544",
"datePublished": "2019-12-18T17:33:17.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:27.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8545 (GCVE-0-2019-8545)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to cause unexpected system termination or read kernel memory.
Severity
No CVSS data available.
CWE
- A local user may be able to cause unexpected system termination or read kernel memory
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209601 | x_refsource_MISC |
| https://support.apple.com/HT209600 | x_refsource_MISC |
| https://support.apple.com/HT209602 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:27.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to cause unexpected system termination or read kernel memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local user may be able to cause unexpected system termination or read kernel memory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:17.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to cause unexpected system termination or read kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to cause unexpected system termination or read kernel memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209601",
"refsource": "MISC",
"url": "https://support.apple.com/HT209601"
},
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
},
{
"name": "https://support.apple.com/HT209602",
"refsource": "MISC",
"url": "https://support.apple.com/HT209602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8545",
"datePublished": "2019-12-18T17:33:17.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:27.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8546 (GCVE-0-2019-8546)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information.
Severity
No CVSS data available.
CWE
- A local user may be able to view sensitive user information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209600 | x_refsource_MISC |
| https://support.apple.com/HT209602 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:29.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local user may be able to view sensitive user information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:17.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to view sensitive user information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
},
{
"name": "https://support.apple.com/HT209602",
"refsource": "MISC",
"url": "https://support.apple.com/HT209602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8546",
"datePublished": "2019-12-18T17:33:17.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:29.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8549 (GCVE-0-2019-8549)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges.
Severity
No CVSS data available.
CWE
- A malicious application may be able to execute arbitrary code with system privileges
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209601 | x_refsource_MISC |
| https://support.apple.com/HT209600 | x_refsource_MISC |
| https://support.apple.com/HT209602 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:27.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to execute arbitrary code with system privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:17.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to execute arbitrary code with system privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209601",
"refsource": "MISC",
"url": "https://support.apple.com/HT209601"
},
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
},
{
"name": "https://support.apple.com/HT209602",
"refsource": "MISC",
"url": "https://support.apple.com/HT209602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8549",
"datePublished": "2019-12-18T17:33:17.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:27.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8550 (GCVE-0-2019-8550)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.
Severity
No CVSS data available.
CWE
- A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209600 | x_refsource_MISC |
| https://support.apple.com/HT209602 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:28.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user\u2019s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A user\u2019s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:17.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user\u2019s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A user\u2019s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
},
{
"name": "https://support.apple.com/HT209602",
"refsource": "MISC",
"url": "https://support.apple.com/HT209602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8550",
"datePublished": "2019-12-18T17:33:17.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:28.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8551 (GCVE-0-2019-8551)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.
Severity
No CVSS data available.
CWE
- Processing maliciously crafted web content may lead to universal cross site scripting
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209601 | x_refsource_MISC |
| https://support.apple.com/HT209603 | x_refsource_MISC |
| https://support.apple.com/HT209604 | x_refsource_MISC |
| https://support.apple.com/HT209605 | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 12.2
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < tvOS 12.2
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < Safari 12.1
(custom)
|
|
| Apple | iTunes for Windows |
Affected:
unspecified , < iTunes 12.9.4 for Windows
(custom)
|
|
| Apple | iCloud for Windows |
Affected:
unspecified , < iCloud for Windows 7.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:27.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes 12.9.4 for Windows",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to universal cross site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:17.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.2"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 12.1"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes 12.9.4 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.11"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to universal cross site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209601",
"refsource": "MISC",
"url": "https://support.apple.com/HT209601"
},
{
"name": "https://support.apple.com/HT209603",
"refsource": "MISC",
"url": "https://support.apple.com/HT209603"
},
{
"name": "https://support.apple.com/HT209604",
"refsource": "MISC",
"url": "https://support.apple.com/HT209604"
},
{
"name": "https://support.apple.com/HT209605",
"refsource": "MISC",
"url": "https://support.apple.com/HT209605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8551",
"datePublished": "2019-12-18T17:33:17.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:27.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8552 (GCVE-0-2019-8552)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges.
Severity
No CVSS data available.
CWE
- A malicious application may be able to elevate privileges
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209601 | x_refsource_MISC |
| https://support.apple.com/HT209600 | x_refsource_MISC |
| https://support.apple.com/HT209602 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:28.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to elevate privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:17.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to elevate privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209601",
"refsource": "MISC",
"url": "https://support.apple.com/HT209601"
},
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
},
{
"name": "https://support.apple.com/HT209602",
"refsource": "MISC",
"url": "https://support.apple.com/HT209602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8552",
"datePublished": "2019-12-18T17:33:17.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:28.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8553 (GCVE-0-2019-8553)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2. Clicking a malicious SMS link may lead to arbitrary code execution.
Severity
No CVSS data available.
CWE
- Clicking a malicious SMS link may lead to arbitrary code execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
| https://support.apple.com/HT209601 | x_refsource_MISC |
| https://support.apple.com/HT209602 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:27.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2. Clicking a malicious SMS link may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Clicking a malicious SMS link may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:17.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2. Clicking a malicious SMS link may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Clicking a malicious SMS link may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
},
{
"name": "https://support.apple.com/HT209601",
"refsource": "MISC",
"url": "https://support.apple.com/HT209601"
},
{
"name": "https://support.apple.com/HT209602",
"refsource": "MISC",
"url": "https://support.apple.com/HT209602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8553",
"datePublished": "2019-12-18T17:33:17.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:27.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8554 (GCVE-0-2019-8554)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access sensor information without user consent.
Severity
No CVSS data available.
CWE
- A website may be able to access sensor information without user consent
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.apple.com/HT209599 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:28.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209599"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access sensor information without user consent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A website may be able to access sensor information without user consent",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:17.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209599"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access sensor information without user consent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A website may be able to access sensor information without user consent"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209599",
"refsource": "MISC",
"url": "https://support.apple.com/HT209599"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8554",
"datePublished": "2019-12-18T17:33:17.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:28.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8555 (GCVE-0-2019-8555)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges.
Severity
No CVSS data available.
CWE
- A malicious application may be able to execute arbitrary code with kernel privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.apple.com/HT209600 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:27.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT209600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to execute arbitrary code with kernel privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:17.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT209600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.4"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to execute arbitrary code with kernel privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/HT209600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8555",
"datePublished": "2019-12-18T17:33:17.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:27.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…