Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-204
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | watchOS versions antérieures à 5.2.1 | ||
| Apple | macOS | macOS Mojave 10.14.4, macOS Sierra 10.12.6 et macOS High Sierra 10.13.6 sans le correctif de sécurité Security Update 2019-003 | ||
| Apple | N/A | iOS versions antérieures à 12.3 | ||
| Apple | N/A | tvOS versions antérieures à 12.3 | ||
| Apple | N/A | Apple TV Software versions antérieures à 7.3 | ||
| Apple | Safari | Safari versions antérieures à 12.1.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave 10.14.4, macOS Sierra 10.12.6 et macOS High Sierra 10.13.6 sans le correctif de s\u00e9curit\u00e9 Security Update 2019-003",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 12.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 12.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple TV Software versions ant\u00e9rieures \u00e0 7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 12.1.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8620"
},
{
"name": "CVE-2019-8596",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8596"
},
{
"name": "CVE-2019-8634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8634"
},
{
"name": "CVE-2019-8595",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8595"
},
{
"name": "CVE-2019-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8615"
},
{
"name": "CVE-2019-8590",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8590"
},
{
"name": "CVE-2019-8574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8574"
},
{
"name": "CVE-2019-8609",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8609"
},
{
"name": "CVE-2018-4456",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4456"
},
{
"name": "CVE-2019-8613",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8613"
},
{
"name": "CVE-2019-8591",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8591"
},
{
"name": "CVE-2019-8626",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8626"
},
{
"name": "CVE-2019-8576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8576"
},
{
"name": "CVE-2019-8571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8571"
},
{
"name": "CVE-2019-8577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8577"
},
{
"name": "CVE-2019-8600",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8600"
},
{
"name": "CVE-2019-8635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8635"
},
{
"name": "CVE-2019-8608",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8608"
},
{
"name": "CVE-2017-9417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
},
{
"name": "CVE-2019-8602",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8602"
},
{
"name": "CVE-2017-14315",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14315"
},
{
"name": "CVE-2019-8593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8593"
},
{
"name": "CVE-2019-8569",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8569"
},
{
"name": "CVE-2019-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6237"
},
{
"name": "CVE-2019-8599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8599"
},
{
"name": "CVE-2019-8597",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8597"
},
{
"name": "CVE-2019-8611",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8611"
},
{
"name": "CVE-2019-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8623"
},
{
"name": "CVE-2019-8629",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8629"
},
{
"name": "CVE-2019-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8622"
},
{
"name": "CVE-2019-8637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8637"
},
{
"name": "CVE-2019-8560",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8560"
},
{
"name": "CVE-2019-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8617"
},
{
"name": "CVE-2019-8630",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8630"
},
{
"name": "CVE-2019-8585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8585"
},
{
"name": "CVE-2019-8605",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8605"
},
{
"name": "CVE-2019-8604",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8604"
},
{
"name": "CVE-2019-8589",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8589"
},
{
"name": "CVE-2019-8587",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8587"
},
{
"name": "CVE-2019-8592",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8592"
},
{
"name": "CVE-2019-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8619"
},
{
"name": "CVE-2019-8610",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8610"
},
{
"name": "CVE-2019-8628",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8628"
},
{
"name": "CVE-2019-8601",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8601"
},
{
"name": "CVE-2019-8583",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8583"
},
{
"name": "CVE-2019-8606",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8606"
},
{
"name": "CVE-2019-8603",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8603"
},
{
"name": "CVE-2019-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8616"
},
{
"name": "CVE-2019-8586",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8586"
},
{
"name": "CVE-2019-8594",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8594"
},
{
"name": "CVE-2017-6975",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6975"
},
{
"name": "CVE-2019-8568",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8568"
},
{
"name": "CVE-2019-8607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8607"
},
{
"name": "CVE-2019-8598",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8598"
},
{
"name": "CVE-2019-8584",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8584"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-204",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210122 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210122"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210123 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210123"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210120 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210120"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210118 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210118"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210119 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210119"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210121 du 13 mai 2019",
"url": "https://support.apple.com/en-us/HT210121"
}
]
}
CVE-2017-14315 (GCVE-0-2017-14315)
Vulnerability from cvelistv5 – Published: 2017-09-12 15:00 – Updated: 2024-08-05 19:20
VLAI
EPSS
Summary
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/100816 | vdb-entryx_refsource_BID |
| https://www.armis.com/blueborne | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/May/24 | mailing-listx_refsource_FULLDISC |
| https://support.apple.com/kb/HT210121 | x_refsource_CONFIRM |
| https://seclists.org/bugtraq/2019/May/30 | mailing-listx_refsource_BUGTRAQ |
Date Public
2017-09-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100816"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.armis.com/blueborne"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \"Bluetooth On\" value must be present in Settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-14T15:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100816"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.armis.com/blueborne"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default \"Bluetooth On\" value must be present in Settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100816"
},
{
"name": "https://www.armis.com/blueborne",
"refsource": "MISC",
"url": "https://www.armis.com/blueborne"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"name": "https://support.apple.com/kb/HT210121",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14315",
"datePublished": "2017-09-12T15:00:00.000Z",
"dateReserved": "2017-09-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:20:41.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6975 (GCVE-0-2017-6975)
Vulnerability from cvelistv5 – Published: 2017-04-05 14:00 – Updated: 2024-08-05 15:49
VLAI
EPSS
Summary
Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038172 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/97328 | vdb-entryx_refsource_BID |
| https://googleprojectzero.blogspot.com/2017/04/ov… | x_refsource_MISC |
| https://support.apple.com/HT207688 | x_refsource_CONFIRM |
| https://twitter.com/4Dgifts/status/849268365457850370 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/May/24 | mailing-listx_refsource_FULLDISC |
| https://support.apple.com/kb/HT210121 | x_refsource_CONFIRM |
| https://seclists.org/bugtraq/2019/May/30 | mailing-listx_refsource_BUGTRAQ |
Date Public
2017-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:49:02.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038172"
},
{
"name": "97328",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97328"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207688"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/4Dgifts/status/849268365457850370"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-14T15:06:10.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1038172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038172"
},
{
"name": "97328",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97328"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207688"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/4Dgifts/status/849268365457850370"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-6975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038172",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038172"
},
{
"name": "97328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97328"
},
{
"name": "https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html",
"refsource": "MISC",
"url": "https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html"
},
{
"name": "https://support.apple.com/HT207688",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207688"
},
{
"name": "https://twitter.com/4Dgifts/status/849268365457850370",
"refsource": "MISC",
"url": "https://twitter.com/4Dgifts/status/849268365457850370"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"name": "https://support.apple.com/kb/HT210121",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2017-6975",
"datePublished": "2017-04-05T14:00:00.000Z",
"dateReserved": "2017-03-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:49:02.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9417 (GCVE-0-2017-9417)
Vulnerability from cvelistv5 – Published: 2017-06-03 23:00 – Updated: 2024-08-05 17:02
VLAI
EPSS
Summary
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM |
| https://www.blackhat.com/us-17/briefings.html#bro… | x_refsource_MISC |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/99482 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1038950 | vdb-entryx_refsource_SECTRACK |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| http://www.securitytracker.com/id/1039330 | vdb-entryx_refsource_SECTRACK |
| http://seclists.org/fulldisclosure/2019/May/24 | mailing-listx_refsource_FULLDISC |
| https://support.apple.com/kb/HT210121 | x_refsource_CONFIRM |
| https://seclists.org/bugtraq/2019/May/30 | mailing-listx_refsource_BUGTRAQ |
Date Public
2017-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417"
},
{
"name": "99482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99482"
},
{
"name": "1038950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038950"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"name": "1039330",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039330"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the \"Broadpwn\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-14T15:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417"
},
{
"name": "99482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99482"
},
{
"name": "1038950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038950"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"name": "1039330",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039330"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the \"Broadpwn\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets",
"refsource": "MISC",
"url": "https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417"
},
{
"name": "99482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99482"
},
{
"name": "1038950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038950"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"name": "1039330",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039330"
},
{
"name": "20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/24"
},
{
"name": "https://support.apple.com/kb/HT210121",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210121"
},
{
"name": "20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9417",
"datePublished": "2017-06-03T23:00:00.000Z",
"dateReserved": "2017-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:02:44.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4456 (GCVE-0-2018-4456)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:18
VLAI
EPSS
Summary
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.
Severity
No CVSS data available.
CWE
- An application may be able to execute arbitrary code with kernel privileges
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://support.apple.com/kb/HT209139 | x_refsource_MISC |
| https://support.apple.com/kb/HT208937 | x_refsource_MISC |
| https://support.apple.com/kb/HT209341 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/May/20 | mailing-listx_refsource_FULLDISC |
| https://support.apple.com/kb/HT210119 | x_refsource_CONFIRM |
| https://seclists.org/bugtraq/2019/May/27 | mailing-listx_refsource_BUGTRAQ |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:18:26.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209139"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT208937"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209341"
},
{
"name": "20190513 APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210119"
},
{
"name": "20190514 APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: macOS High Sierra 10.13.6, macOS Mojave 10.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to execute arbitrary code with kernel privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-14T15:06:07.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209139"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT208937"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209341"
},
{
"name": "20190513 APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210119"
},
{
"name": "20190514 APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: macOS High Sierra 10.13.6, macOS Mojave 10.14"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to execute arbitrary code with kernel privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209139",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209139"
},
{
"name": "https://support.apple.com/kb/HT208937",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT208937"
},
{
"name": "https://support.apple.com/kb/HT209341",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209341"
},
{
"name": "20190513 APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/20"
},
{
"name": "https://support.apple.com/kb/HT210119",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210119"
},
{
"name": "20190514 APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4456",
"datePublished": "2019-04-03T17:43:19.000Z",
"dateReserved": "2018-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:18:26.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6237 (GCVE-0-2019-6237)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 20:16
VLAI
EPSS
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
No CVSS data available.
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT210118 | x_refsource_MISC |
| https://support.apple.com/HT210119 | x_refsource_MISC |
| https://support.apple.com/HT210120 | x_refsource_MISC |
| https://support.apple.com/HT210123 | x_refsource_MISC |
| https://support.apple.com/HT210124 | x_refsource_MISC |
| https://support.apple.com/HT210125 | x_refsource_MISC |
| https://support.apple.com/HT210212 | x_refsource_MISC |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 12.3
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < macOS Mojave 10.14.5
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < tvOS 12.3
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < Safari 12.1.1
(custom)
|
|
| Apple | iTunes for Windows |
Affected:
unspecified , < iTunes for Windows 12.9.5
(custom)
|
|
| Apple | iCloud for Windows |
Affected:
unspecified , < iCloud for Windows 7.12
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210118"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210123"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210125"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 12.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes for Windows 12.9.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:15.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210118"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210123"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210125"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210212"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-6237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.5"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.3"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 12.1.1"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes for Windows 12.9.5"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.12"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210118",
"refsource": "MISC",
"url": "https://support.apple.com/HT210118"
},
{
"name": "https://support.apple.com/HT210119",
"refsource": "MISC",
"url": "https://support.apple.com/HT210119"
},
{
"name": "https://support.apple.com/HT210120",
"refsource": "MISC",
"url": "https://support.apple.com/HT210120"
},
{
"name": "https://support.apple.com/HT210123",
"refsource": "MISC",
"url": "https://support.apple.com/HT210123"
},
{
"name": "https://support.apple.com/HT210124",
"refsource": "MISC",
"url": "https://support.apple.com/HT210124"
},
{
"name": "https://support.apple.com/HT210125",
"refsource": "MISC",
"url": "https://support.apple.com/HT210125"
},
{
"name": "https://support.apple.com/HT210212",
"refsource": "MISC",
"url": "https://support.apple.com/HT210212"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-6237",
"datePublished": "2019-12-18T17:33:15.000Z",
"dateReserved": "2019-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:16:24.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8560 (GCVE-0-2019-8560)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to read restricted memory.
Severity
No CVSS data available.
CWE
- A malicious application may be able to read restricted memory
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT210118 | x_refsource_MISC |
| https://support.apple.com/HT210119 | x_refsource_MISC |
| https://support.apple.com/HT210120 | x_refsource_MISC |
| https://support.apple.com/HT210122 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:28.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210118"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210122"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to read restricted memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to read restricted memory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:18.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210118"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210122"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.5"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.3"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2.1"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to read restricted memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to read restricted memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210118",
"refsource": "MISC",
"url": "https://support.apple.com/HT210118"
},
{
"name": "https://support.apple.com/HT210119",
"refsource": "MISC",
"url": "https://support.apple.com/HT210119"
},
{
"name": "https://support.apple.com/HT210120",
"refsource": "MISC",
"url": "https://support.apple.com/HT210120"
},
{
"name": "https://support.apple.com/HT210122",
"refsource": "MISC",
"url": "https://support.apple.com/HT210122"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8560",
"datePublished": "2019-12-18T17:33:18.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:28.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8568 (GCVE-0-2019-8568)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system.
Severity
No CVSS data available.
CWE
- A local user may be able to modify protected parts of the file system
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT210118 | x_refsource_MISC |
| https://support.apple.com/HT210119 | x_refsource_MISC |
| https://support.apple.com/HT210120 | x_refsource_MISC |
| https://support.apple.com/HT210122 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:28.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210118"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210122"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local user may be able to modify protected parts of the file system",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:19.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210118"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210122"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.5"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.3"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2.1"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to modify protected parts of the file system"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210118",
"refsource": "MISC",
"url": "https://support.apple.com/HT210118"
},
{
"name": "https://support.apple.com/HT210119",
"refsource": "MISC",
"url": "https://support.apple.com/HT210119"
},
{
"name": "https://support.apple.com/HT210120",
"refsource": "MISC",
"url": "https://support.apple.com/HT210120"
},
{
"name": "https://support.apple.com/HT210122",
"refsource": "MISC",
"url": "https://support.apple.com/HT210122"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8568",
"datePublished": "2019-12-18T17:33:19.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:28.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8569 (GCVE-0-2019-8569)
Vulnerability from cvelistv5 – Published: 2020-10-27 19:25 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to execute arbitrary code with system privileges.
Severity
No CVSS data available.
CWE
- An application may be able to execute arbitrary code with system privileges
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT209600 | x_refsource_MISC |
| https://support.apple.com/en-us/HT210119 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:29.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT209600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to execute arbitrary code with system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to execute arbitrary code with system privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T19:25:10.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT209600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.14"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.14"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to execute arbitrary code with system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to execute arbitrary code with system privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT209600"
},
{
"name": "https://support.apple.com/en-us/HT210119",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8569",
"datePublished": "2020-10-27T19:25:10.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:29.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8571 (GCVE-0-2019-8571)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
No CVSS data available.
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT210118 | x_refsource_MISC |
| https://support.apple.com/HT210119 | x_refsource_MISC |
| https://support.apple.com/HT210120 | x_refsource_MISC |
| https://support.apple.com/HT210123 | x_refsource_MISC |
| https://support.apple.com/HT210124 | x_refsource_MISC |
| https://support.apple.com/HT210125 | x_refsource_MISC |
| https://support.apple.com/HT210212 | x_refsource_MISC |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS |
Affected:
unspecified , < iOS 12.3
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < macOS Mojave 10.14.5
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < tvOS 12.3
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < Safari 12.1.1
(custom)
|
|
| Apple | iTunes for Windows |
Affected:
unspecified , < iTunes for Windows 12.9.5
(custom)
|
|
| Apple | iCloud for Windows |
Affected:
unspecified , < iCloud for Windows 7.12
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:28.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210118"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210123"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210125"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "Safari 12.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iTunes for Windows 12.9.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "iCloud for Windows 7.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:19.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210118"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210123"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210125"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210212"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.5"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.3"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Safari 12.1.1"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iTunes for Windows 12.9.5"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iCloud for Windows 7.12"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210118",
"refsource": "MISC",
"url": "https://support.apple.com/HT210118"
},
{
"name": "https://support.apple.com/HT210119",
"refsource": "MISC",
"url": "https://support.apple.com/HT210119"
},
{
"name": "https://support.apple.com/HT210120",
"refsource": "MISC",
"url": "https://support.apple.com/HT210120"
},
{
"name": "https://support.apple.com/HT210123",
"refsource": "MISC",
"url": "https://support.apple.com/HT210123"
},
{
"name": "https://support.apple.com/HT210124",
"refsource": "MISC",
"url": "https://support.apple.com/HT210124"
},
{
"name": "https://support.apple.com/HT210125",
"refsource": "MISC",
"url": "https://support.apple.com/HT210125"
},
{
"name": "https://support.apple.com/HT210212",
"refsource": "MISC",
"url": "https://support.apple.com/HT210212"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8571",
"datePublished": "2019-12-18T17:33:19.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:28.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8574 (GCVE-0-2019-8574)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges.
Severity
No CVSS data available.
CWE
- An application may be able to execute arbitrary code with system privileges
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT210118 | x_refsource_MISC |
| https://support.apple.com/HT210119 | x_refsource_MISC |
| https://support.apple.com/HT210120 | x_refsource_MISC |
| https://support.apple.com/HT210122 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:28.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210118"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210122"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Mojave 10.14.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "tvOS 12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "watchOS 5.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to execute arbitrary code with system privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:19.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210118"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210122"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 12.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Mojave 10.14.5"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "tvOS 12.3"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "watchOS 5.2.1"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to execute arbitrary code with system privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210118",
"refsource": "MISC",
"url": "https://support.apple.com/HT210118"
},
{
"name": "https://support.apple.com/HT210119",
"refsource": "MISC",
"url": "https://support.apple.com/HT210119"
},
{
"name": "https://support.apple.com/HT210120",
"refsource": "MISC",
"url": "https://support.apple.com/HT210120"
},
{
"name": "https://support.apple.com/HT210122",
"refsource": "MISC",
"url": "https://support.apple.com/HT210122"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8574",
"datePublished": "2019-12-18T17:33:19.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:28.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…