cvelistv5 - cve-2019-8760

CVE-2019-8760 (GCVE-0-2019-8760)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31

Summary

This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.

Severity ?

No CVSS data available.

CWE

A 3D model constructed to look like the enrolled user may authenticate via Face ID

Assigner

apple

References

URL

	Vendor	Product	Version
	Apple	iOS	Affected: unspecified , < iOS 13 (custom)

CNVD-2019-36464

Vulnerability from cnvd - Published: 2019-10-22

Title

Apple iOS Face ID组件存在未明漏洞

Description

Apple iOS是美国苹果（Apple）公司的一套为移动设备所开发的操作系统。Face ID是其中的一个面部身份识别组件。 Apple iOS 13之前版本中Face ID组件存在安全漏洞，攻击者可借助3D模型利用该漏洞进行身份验证。

Severity

中

Patch Name

Apple iOS Face ID组件存在未明漏洞的补丁

Patch Description

Apple iOS是美国苹果（Apple）公司的一套为移动设备所开发的操作系统。Face ID是其中的一个面部身份识别组件。 Apple iOS 13之前版本中Face ID组件存在安全漏洞，攻击者可借助3D模型利用该漏洞进行身份验证。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/zh-cn/HT210606

Reference

https://support.apple.com/en-au/HT210606 https://www.auscert.org.au/bulletins/ESB-2019.3642/

Impacted products

Name
Apple iOS <13

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-8760"
    }
  },
  "description": "Apple iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Face ID\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u9762\u90e8\u8eab\u4efd\u8bc6\u522b\u7ec4\u4ef6\u3002\n\nApple iOS 13\u4e4b\u524d\u7248\u672c\u4e2dFace ID\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a93D\u6a21\u578b\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/zh-cn/HT210606",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-36464",
  "openTime": "2019-10-22",
  "patchDescription": "Apple iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Face ID\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u9762\u90e8\u8eab\u4efd\u8bc6\u522b\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 13\u4e4b\u524d\u7248\u672c\u4e2dFace ID\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a93D\u6a21\u578b\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS Face ID\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple iOS \u003c13"
  },
  "referenceLink": "https://support.apple.com/en-au/HT210606\r\nhttps://www.auscert.org.au/bulletins/ESB-2019.3642/",
  "serverity": "\u4e2d",
  "submitTime": "2019-09-29",
  "title": "Apple iOS Face ID\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

VAR-201912-0127

Vulnerability from variot - Updated: 2023-12-18 11:25

This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Face ID is one of the facial recognition components. There is a security vulnerability in the Face ID component of Apple iOS versions prior to 13. Attackers can use 3D models to exploit this vulnerability for authentication. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-9-26-3 iOS 13

iOS 13 addresses the following:

Bluetooth Available for: iPhone 6s and later Impact: Notification previews may show on Bluetooth accessories even when previews are disabled Description: A logic issue existed with the display of notification previews. This issue was addressed with improved validation. CVE-2019-8711: Arjang of MARK ANTHONY GROUP INC., Cemil Ozkebapci (@cemilozkebapci) of Garanti BBVA, Oguzhan Meral of Deloitte Consulting, Ömer Bozdoğan-Ramazan Atıl Anadolu Lisesi Adana/TÜRKİYE

CoreAudio Available for: iPhone 6s and later Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8760: Wish Wu (吴潍浠 @wish_wu) of Ant-financial Light-Year Security Lab

Foundation Available for: iPhone 6s and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero

Keyboards Available for: iPhone 6s and later Impact: A local user may be able to leak sensitive user information Description: An authentication issue was addressed with improved state management. CVE-2019-8704: 王邦宇 (wAnyBug.Com) of SAINTSEC

Messages Available for: iPhone 6s and later Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen Description: The issue was addressed by restricting options offered on a locked device. CVE-2019-8742: videosdebarraquito

Quick Look Available for: iPhone 6s and later Impact: Processing a maliciously crafted file may disclose user information Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. CVE-2019-8731: Saif Hamed Hamdan Al Hinai of Oman National CERT, Yiğit Can YILMAZ (@yilmazcanyigit)

Safari Available for: iPhone 6s and later Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2019-8727: Divyanshu Shukla (@justm0rph3u5) of Quotient Technology

WebKit Page Loading Available for: iPhone 6s and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8674

Additional recognition

Bluetooth We would like to acknowledge Jan Ruge of TU Darmstadt, Secure Mobile Networking Lab, Jiska Classen of TU Darmstadt, Secure Mobile Networking Lab, Francesco Gringoli of University of Brescia, Dennis Heinze of TU Darmstadt, Secure Mobile Networking Lab for their assistance.

Control Center We would like to acknowledge Brandon Sellers for their assistance.

Keyboard We would like to acknowledge an anonymous researcher for their assistance.

Mail We would like to acknowledge Kenneth Hyndycz for their assistance.

Profiles We would like to acknowledge James Seeley (@Code4iOS) of Shriver Job Corps for their assistance.

SafariViewController We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 13".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2NGXUACgkQBz4uGe3y 0M0IaxAAsylDd2Oc5zuJXYgbN/WXihPF0k8Swhxypi65S1NbMLMrvL64NDPEpp2W BQ10PBqcPR4KDEnxTBn4AbcMPJE+U9LDcclv8+L2mopbjhQKBOKbCnWuxTfN2wk7 XfuSci+dFA4mQ3GPX6s+2+vqT59O001QeOQqvSDxBFsjlQTW1Vq96YHHb0KC4tDO r3nZZWboCPpVNkyXdFwKd6m+eqqMJaMNTj5el/5AZ3H7ynSe7sKI/gvZWgZSj/Nj hnbHIEAVCBwBzLY+3MQ8qNKi3M/gDbTYkuEj0+yUZ45gfj/ZgOyznggkn1yXA/Qw 7Uo1W1u75M3tHx1citWdQAq3UsGT8yxMQkYyZzU0h7bwNR6k6jy7NblAYEGNaas9 aMBxkL80QR8HvQmalMHgexC/bgg8grmf0ZzBmJcW9/zdYXcwPPn3dcukLQqXNo4o CgBDmLScJS9/0ULAk1MUgtb+FgmgI+u4pKqr6BRuEOCuyU8Pu4t0DzG/g7sVdCf4 EzVTrYjFLstd+waAj0TD4fCMDzrtc920Kfetxoq0tUkBj25KrWLrkhzgVCRd+GP8 o4IMT1AVuwxdmUQxsaQIC7qRWtYOwsGD4eSYXyZWfNvhacRm7QCNVGcYiw7bdd/u Q6eST5657wg/kFHQybkilyZ2DhyToMzW6kBkbXazY2ITiAegwp8= =uZLp -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0127",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.0"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13   (iphone x or later )"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013749"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8760"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8760"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Wish Wu ( Wu Weichen  @wish_wu) of Ant-financial Light-Year Security Lab",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1283"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-8760",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-8760",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-160195",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-8760",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-8760",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-1283",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-160195",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013749"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8760"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1283"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Face ID is one of the facial recognition components. There is a security vulnerability in the Face ID component of Apple iOS versions prior to 13. Attackers can use 3D models to exploit this vulnerability for authentication. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-9-26-3 iOS 13\n\niOS 13 addresses the following:\n\nBluetooth\nAvailable for: iPhone 6s and later\nImpact: Notification previews may show on Bluetooth accessories even\nwhen previews are disabled\nDescription: A logic issue existed with the display of notification\npreviews. This issue was addressed with improved validation. \nCVE-2019-8711: Arjang of MARK ANTHONY GROUP INC., Cemil Ozkebapci\n(@cemilozkebapci) of Garanti BBVA, Oguzhan Meral of Deloitte\nConsulting, \u00d6mer Bozdo\u011fan-Ramazan At\u0131l Anadolu Lisesi Adana/T\u00dcRK\u0130YE\n\nCoreAudio\nAvailable for: iPhone 6s and later\nImpact: Processing a maliciously crafted movie may result in the\ndisclosure of process memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-8760: Wish Wu (\u5434\u6f4d\u6d60 @wish_wu) of Ant-financial Light-Year\nSecurity Lab\n\nFoundation\nAvailable for: iPhone 6s and later\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8641: Samuel Gro\u00df and Natalie Silvanovich of Google Project\nZero\n\nKeyboards\nAvailable for: iPhone 6s and later\nImpact: A local user may be able to leak sensitive user information\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2019-8704: \u738b \u90a6 \u5b87 (wAnyBug.Com) of SAINTSEC\n\nMessages\nAvailable for: iPhone 6s and later\nImpact: A person with physical access to an iOS device may be able to\naccess contacts from the lock screen\nDescription: The issue was addressed by restricting options offered\non a locked device. \nCVE-2019-8742: videosdebarraquito\n\nQuick Look\nAvailable for: iPhone 6s and later\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: A permissions issue existed in which execute permission\nwas incorrectly granted. This issue was addressed with improved\npermission validation. \nCVE-2019-8731: Saif Hamed Hamdan Al Hinai of Oman National CERT,\nYi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nSafari\nAvailable for: iPhone 6s and later\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8727: Divyanshu Shukla (@justm0rph3u5) of Quotient\nTechnology\n\nWebKit Page Loading\nAvailable for: iPhone 6s and later\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8674\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Jan Ruge of TU Darmstadt, Secure Mobile\nNetworking Lab, Jiska Classen of TU Darmstadt, Secure Mobile\nNetworking Lab, Francesco Gringoli of University of Brescia, Dennis\nHeinze of TU Darmstadt, Secure Mobile Networking Lab for their\nassistance. \n\nControl Center\nWe would like to acknowledge Brandon Sellers for their assistance. \n\nKeyboard\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail\nWe would like to acknowledge Kenneth Hyndycz for their assistance. \n\nProfiles\nWe would like to acknowledge James Seeley (@Code4iOS) of Shriver Job\nCorps for their assistance. \n\nSafariViewController\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2NGXUACgkQBz4uGe3y\n0M0IaxAAsylDd2Oc5zuJXYgbN/WXihPF0k8Swhxypi65S1NbMLMrvL64NDPEpp2W\nBQ10PBqcPR4KDEnxTBn4AbcMPJE+U9LDcclv8+L2mopbjhQKBOKbCnWuxTfN2wk7\nXfuSci+dFA4mQ3GPX6s+2+vqT59O001QeOQqvSDxBFsjlQTW1Vq96YHHb0KC4tDO\nr3nZZWboCPpVNkyXdFwKd6m+eqqMJaMNTj5el/5AZ3H7ynSe7sKI/gvZWgZSj/Nj\nhnbHIEAVCBwBzLY+3MQ8qNKi3M/gDbTYkuEj0+yUZ45gfj/ZgOyznggkn1yXA/Qw\n7Uo1W1u75M3tHx1citWdQAq3UsGT8yxMQkYyZzU0h7bwNR6k6jy7NblAYEGNaas9\naMBxkL80QR8HvQmalMHgexC/bgg8grmf0ZzBmJcW9/zdYXcwPPn3dcukLQqXNo4o\nCgBDmLScJS9/0ULAk1MUgtb+FgmgI+u4pKqr6BRuEOCuyU8Pu4t0DzG/g7sVdCf4\nEzVTrYjFLstd+waAj0TD4fCMDzrtc920Kfetxoq0tUkBj25KrWLrkhzgVCRd+GP8\no4IMT1AVuwxdmUQxsaQIC7qRWtYOwsGD4eSYXyZWfNvhacRm7QCNVGcYiw7bdd/u\nQ6eST5657wg/kFHQybkilyZ2DhyToMzW6kBkbXazY2ITiAegwp8=\n=uZLp\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8760"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013749"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160195"
      },
      {
        "db": "PACKETSTORM",
        "id": "154641"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-8760",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013749",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1283",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3642",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-160195",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154641",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013749"
      },
      {
        "db": "PACKETSTORM",
        "id": "154641"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8760"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1283"
      }
    ]
  },
  "id": "VAR-201912-0127",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160195"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:25:48.728000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT210606",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210606"
      },
      {
        "title": "HT210606",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210606"
      },
      {
        "title": "Apple iOS Face ID Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98670"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013749"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1283"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-326",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013749"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8760"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210606"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8760"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8760"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht210606"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210606"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-12-multiple-vulnerabilities-30457"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3642/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8727"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8711"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8742"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8704"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8731"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013749"
      },
      {
        "db": "PACKETSTORM",
        "id": "154641"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8760"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1283"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-160195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013749"
      },
      {
        "db": "PACKETSTORM",
        "id": "154641"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8760"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1283"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160195"
      },
      {
        "date": "2020-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013749"
      },
      {
        "date": "2019-09-27T15:01:11",
        "db": "PACKETSTORM",
        "id": "154641"
      },
      {
        "date": "2019-12-18T18:15:39.257000",
        "db": "NVD",
        "id": "CVE-2019-8760"
      },
      {
        "date": "2019-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1283"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160195"
      },
      {
        "date": "2020-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013749"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2019-8760"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1283"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iOS Vulnerabilities related to cryptographic strength",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013749"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1283"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2019-8760

Vulnerability from fkie_nvd - Published: 2019-12-18 18:15 - Updated: 2024-11-21 04:50

Severity ?

6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.

References

	URL	Tags
	product-security@apple.com	https://support.apple.com/HT210606	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210606	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	iphone_os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E861BE-9AB7-45CE-8977-BA832ACB6F30",
              "versionEndExcluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID."
    },
    {
      "lang": "es",
      "value": "Este problema fue corregido mejorando los modelos de aprendizaje autom\u00e1tico de Face ID. Este problema fue corregido en iOS versi\u00f3n 13. Un modelo 3D construido para parecerse al usuario inscrito puede autenticarse mediante Face ID."
    }
  ],
  "id": "CVE-2019-8760",
  "lastModified": "2024-11-21T04:50:25.597",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-18T18:15:39.257",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210606"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-8760

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.

Aliases

CVE-2019-8760

Aliases

CVE-2019-8760

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-8760",
    "description": "This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.",
    "id": "GSD-2019-8760"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-8760"
      ],
      "details": "This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.",
      "id": "GSD-2019-8760",
      "modified": "2023-12-13T01:23:48.421528Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-8760",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iOS 13"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A 3D model constructed to look like the enrolled user may authenticate via Face ID"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT210606",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT210606"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8760"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210606",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT210606"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-12-18T18:15Z"
    }
  }
}

GHSA-CPX5-433M-C69M

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2024-04-04 02:44

Details

This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.

Severity ?

6.8 (Medium)


                  
                    CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-8760"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-18T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.",
  "id": "GHSA-cpx5-433m-c69m",
  "modified": "2024-04-04T02:44:19Z",
  "published": "2022-05-24T17:04:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8760"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT210606"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-8760 (GCVE-0-2019-8760)

CNVD-2019-36464

VAR-201912-0127

FKIE_CVE-2019-8760

GSD-2019-8760

GHSA-CPX5-433M-C69M

Tags

Sightings

Nomenclature