Vulnerability-Lookup

CVE-2019-8775 (GCVE-0-2019-8775)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31

Summary

Severity ?

No CVSS data available.

CWE

A person with physical access to an iOS device may be able to access contacts from the lock screen

Assigner

apple

References

URL

Tags

	https://support.apple.com/HT210724	x_refsource_MISC
	https://support.apple.com/HT210603	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apple	iOS	Affected: unspecified , < iOS 13.1 and iPadOS 13.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:36.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210724"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210603"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 13.1 and iPadOS 13.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A person with physical access to an iOS device may be able to access contacts from the lock screen",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:33:23.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210724"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210603"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8775",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 13.1 and iPadOS 13.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A person with physical access to an iOS device may be able to access contacts from the lock screen"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210724",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210724"
            },
            {
              "name": "https://support.apple.com/HT210603",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210603"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8775",
    "datePublished": "2019-12-18T17:33:23.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:31:36.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-8775",
      "date": "2026-04-14",
      "epss": "0.00114",
      "percentile": "0.29966"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.1\", \"matchCriteriaId\": \"E1B56C2A-63FE-410E-96A2-AA757E55086D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.1\", \"matchCriteriaId\": \"74FC47CB-6F80-4521-BE54-47B5630FF496\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.1\", \"matchCriteriaId\": \"277FA1BB-BB95-49DD-B50C-00F4BEE9DDE1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.\"}, {\"lang\": \"es\", \"value\": \"El problema fue abordado restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema es corregido en iOS versi\\u00f3n 13.1 y iPadOS versi\\u00f3n 13.1. Una persona con acceso f\\u00edsico a un dispositivo con iOS puede acceder a los contactos desde la pantalla de bloqueo.\"}]",
      "id": "CVE-2019-8775",
      "lastModified": "2024-11-21T04:50:27.207",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 2.4, \"baseSeverity\": \"LOW\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-12-18T18:15:40.270",
      "references": "[{\"url\": \"https://support.apple.com/HT210603\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT210724\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT210603\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT210724\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-8775\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-12-18T18:15:40.270\",\"lastModified\":\"2024-11-21T04:50:27.207\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.\"},{\"lang\":\"es\",\"value\":\"El problema fue abordado restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema es corregido en iOS versi\u00f3n 13.1 y iPadOS versi\u00f3n 13.1. Una persona con acceso f\u00edsico a un dispositivo con iOS puede acceder a los contactos desde la pantalla de bloqueo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":2.4,\"baseSeverity\":\"LOW\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.1\",\"matchCriteriaId\":\"E1B56C2A-63FE-410E-96A2-AA757E55086D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.1\",\"matchCriteriaId\":\"74FC47CB-6F80-4521-BE54-47B5630FF496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1\",\"matchCriteriaId\":\"277FA1BB-BB95-49DD-B50C-00F4BEE9DDE1\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT210603\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210724\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210603\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210724\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-201912-0131

Vulnerability from variot - Updated: 2023-12-18 10:45

The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt

App Store Available for: Apple Watch Series 1 and later Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials. CVE-2019-8798: ABC Research s.r.o.

Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-10-29-11 Additional information for APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1

iOS 13.1 and iPadOS 13.1 address the following:

AppleFirmwareUpdateKext Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2019-8747: Mohamed Ghannam (@_simo36) Entry added October 29, 2019

Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab Entry added October 29, 2019

Books Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service Description: A resource exhaustion issue was addressed with improved input validation. CVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven Entry added October 29, 2019

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2019-8740: Mohamed Ghannam (@_simo36) Entry added October 29, 2019

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local app may be able to read a persistent account identifier Description: A validation issue was addressed with improved logic. CVE-2019-8809: Apple Entry added October 29, 2019

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to determine kernel memory layout Description: The issue was addressed with improved permissions logic. CVE-2019-8780: Siguza

libxslt Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Multiple issues in libxslt Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8750: found by OSS-Fuzz Entry added October 29, 2019

mDNSResponder Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in physical proximity may be able to passively observe device names in AWDL communications Description: This issue was resolved by replacing device names with a random identifier. CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Entry added October 29, 2019

VoiceOver Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen Description: The issue was addressed by restricting options offered on a locked device. CVE-2019-8775: videosdebarraquito

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Visiting a maliciously crafted website may reveal browsing history Description: An issue existed in the drawing of web page elements. CVE-2019-8769: Piérre Reimertz (@reimertz)

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8710: found by OSS-Fuzz CVE-2019-8743: zhunki from Codesafe Team of Legendsec at Qi'anxin Group CVE-2019-8751: Dongzhuo Zhao working with ADLab of Venustech CVE-2019-8752: Dongzhuo Zhao working with ADLab of Venustech CVE-2019-8763: Sergei Glazunov of Google Project Zero CVE-2019-8765: Samuel Groß of Google Project Zero CVE-2019-8766: found by OSS-Fuzz CVE-2019-8773: found by OSS-Fuzz

Additional recognition

boringssl We would like to acknowledge Nimrod Aviram of Tel Aviv University, Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr University Bochum for their assistance. Entry added October 29, 2019

Find My iPhone We would like to acknowledge an anonymous researcher for their assistance.

Identity Service We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

Notes We would like to acknowledge an anonymous researcher for their assistance.

Share Sheet We would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt for their assistance.

Status Bar We would like to acknowledge Isaiah Kahler, Mohammed Adham, and an anonymous researcher for their assistance.

Telephony We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 13.1 and iPadOS 13.1".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M3wrA/9 G4tF+kYWc/7JI3gglC1/OqfJv+G+N5GnI6foGtyu9S8cSRx+bZFHTp4yYC6zmKow hCE9LZrWczuMvBlN134uMY9bj/12TaIbrbjeM3nink1FrnuXNOdfA4X4dEdkssRH DbAqbnjMlSgfH0Px+07utmrytRh4/EtQt+LNQqLUlsMzCgoPDRLlxNC0PhBdEjhr KXidFZ7g5v/RxIAuXFsjpUOfxUJxgMkTSIvxQu7mlGKEasKZOkXDmzVVogE0Zt3k Zsn3uSCL+r/qUVE8/LQMMOf192+0DB/0CHay/oyf9JteuAquMFZhvbqapDOpiFGh 33JN3gj/SA1N+7bJhoG+jx73IfQrHF5tBRwKb3saE/IKvM4WlKStRB1x3mmTlkxC mObxaGFmFjZNKgC+CXm0fQ0343jvTsw88RKM6XOlisybxEVLFHeBxrrFNIOU+C+w llItCsmC4iSe8s80Rwu52sLGpHRLtBBCB02sZqRCe4/znYpEA3vcWp8DtafSz4sc cEEYhJlyWOMKRpiszCpfw0AvbIX/QfudT+Vd414eQOdGzBPaM5TAMyudX+zfD27R hUYSPC3/ZqgxHkYk48SbCT74XpVZcgLVL4Rxxg4N6xW+zHtE8Cyl69cIAkSWP/rY 4fUMIYDjQlPNYof0CFuQRA4IrEQGtN3vDlxycfUWMts= =q3r7 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0131",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.1"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.1"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 11.0 earlier"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 7.15 earlier"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.2 earlier"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.2 earlier"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.10.2 for windows earlier"
      },
      {
        "model": "macos catalina",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.15.1 earlier"
      },
      {
        "model": "macos high sierra",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.13.6 (security update 2019-006 not applied )"
      },
      {
        "model": "macos mojave",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.14.6 (security update 2019-001 not applied )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.0.3 earlier"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.2 earlier"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.1 earlier"
      },
      {
        "model": "xcode",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.2 earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8775"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8775"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155065"
      },
      {
        "db": "PACKETSTORM",
        "id": "155068"
      },
      {
        "db": "PACKETSTORM",
        "id": "154656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1292"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-8775",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-160210",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 0.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-8775",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-1292",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-160210",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160210"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1292"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. \nCVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at\nTechnische Universit\u00e4t Darmstadt\n\nApp Store\nAvailable for: Apple Watch Series 1 and later\nImpact: A local attacker may be able to login to the account of a\npreviously logged in user without valid credentials. \nCVE-2019-8798: ABC Research s.r.o. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-10-29-11 Additional information\nfor APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1\n\niOS 13.1 and iPadOS 13.1 address the following:\n\nAppleFirmwareUpdateKext\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2019-8747: Mohamed Ghannam (@_simo36)\nEntry added October 29, 2019\n\nAudio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab\nEntry added October 29, 2019\n\nBooks\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Parsing a maliciously crafted iBooks file may lead to a\npersistent denial-of-service\nDescription: A resource exhaustion issue was addressed with improved\ninput validation. \nCVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven\nEntry added October 29, 2019\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2019-8740: Mohamed Ghannam (@_simo36)\nEntry added October 29, 2019\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local app may be able to read a persistent account\nidentifier\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8809: Apple\nEntry added October 29, 2019\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: The issue was addressed with improved permissions logic. \nCVE-2019-8780: Siguza\n\nlibxslt\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Multiple issues in libxslt\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8750: found by OSS-Fuzz\nEntry added October 29, 2019\n\nmDNSResponder\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An attacker in physical proximity may be able to passively\nobserve device names in AWDL communications\nDescription: This issue was resolved by replacing device names with a\nrandom identifier. \nCVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile\nNetworking Lab at Technische Universit\u00e4t Darmstadt\nEntry added October 29, 2019\n\nVoiceOver\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A person with physical access to an iOS device may be able to\naccess contacts from the lock screen\nDescription: The issue was addressed by restricting options offered\non a locked device. \nCVE-2019-8775: videosdebarraquito\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Visiting a maliciously crafted website may reveal browsing\nhistory\nDescription: An issue existed in the drawing of web page elements. \nCVE-2019-8769: Pi\u00e9rre Reimertz (@reimertz)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-8710: found by OSS-Fuzz\nCVE-2019-8743: zhunki from Codesafe Team of Legendsec at Qi\u0027anxin\nGroup\nCVE-2019-8751: Dongzhuo Zhao working with ADLab of Venustech\nCVE-2019-8752: Dongzhuo Zhao working with ADLab of Venustech\nCVE-2019-8763: Sergei Glazunov of Google Project Zero\nCVE-2019-8765: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8766: found by OSS-Fuzz\nCVE-2019-8773: found by OSS-Fuzz\n\nAdditional recognition\n\nboringssl\nWe would like to acknowledge Nimrod Aviram of Tel Aviv University,\nRobert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr\nUniversity Bochum for their assistance. \nEntry added October 29, 2019\n\nFind My iPhone\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Service\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nNotes\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nShare Sheet\nWe would like to acknowledge Milan Stute of Secure Mobile Networking\nLab at Technische Universit\u00e4t Darmstadt for their assistance. \n\nStatus Bar\nWe would like to acknowledge Isaiah Kahler, Mohammed Adham, and an\nanonymous researcher for their assistance. \n\nTelephony\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13.1 and iPadOS 13.1\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M3wrA/9\nG4tF+kYWc/7JI3gglC1/OqfJv+G+N5GnI6foGtyu9S8cSRx+bZFHTp4yYC6zmKow\nhCE9LZrWczuMvBlN134uMY9bj/12TaIbrbjeM3nink1FrnuXNOdfA4X4dEdkssRH\nDbAqbnjMlSgfH0Px+07utmrytRh4/EtQt+LNQqLUlsMzCgoPDRLlxNC0PhBdEjhr\nKXidFZ7g5v/RxIAuXFsjpUOfxUJxgMkTSIvxQu7mlGKEasKZOkXDmzVVogE0Zt3k\nZsn3uSCL+r/qUVE8/LQMMOf192+0DB/0CHay/oyf9JteuAquMFZhvbqapDOpiFGh\n33JN3gj/SA1N+7bJhoG+jx73IfQrHF5tBRwKb3saE/IKvM4WlKStRB1x3mmTlkxC\nmObxaGFmFjZNKgC+CXm0fQ0343jvTsw88RKM6XOlisybxEVLFHeBxrrFNIOU+C+w\nllItCsmC4iSe8s80Rwu52sLGpHRLtBBCB02sZqRCe4/znYpEA3vcWp8DtafSz4sc\ncEEYhJlyWOMKRpiszCpfw0AvbIX/QfudT+Vd414eQOdGzBPaM5TAMyudX+zfD27R\nhUYSPC3/ZqgxHkYk48SbCT74XpVZcgLVL4Rxxg4N6xW+zHtE8Cyl69cIAkSWP/rY\n4fUMIYDjQlPNYof0CFuQRA4IrEQGtN3vDlxycfUWMts=\n=q3r7\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8775"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160210"
      },
      {
        "db": "PACKETSTORM",
        "id": "155065"
      },
      {
        "db": "PACKETSTORM",
        "id": "155068"
      },
      {
        "db": "PACKETSTORM",
        "id": "154656"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-8775",
        "trust": 2.8
      },
      {
        "db": "PACKETSTORM",
        "id": "154656",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU96749516",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "155068",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3648",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4013",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1292",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-160210",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155065",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "PACKETSTORM",
        "id": "155065"
      },
      {
        "db": "PACKETSTORM",
        "id": "155068"
      },
      {
        "db": "PACKETSTORM",
        "id": "154656"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1292"
      }
    ]
  },
  "id": "VAR-201912-0131",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160210"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:45:54.017000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "About the security content of iCloud for Windows 11.0",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210727"
      },
      {
        "title": "About the security content of iCloud for Windows 7.15",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210728"
      },
      {
        "title": "About the security content of iOS 13.2 and iPadOS 13.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210721"
      },
      {
        "title": "About the security content of Xcode 11.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210729"
      },
      {
        "title": "About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210722"
      },
      {
        "title": "About the security content of tvOS 13.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210723"
      },
      {
        "title": "About the security content of watchOS 6.1",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210724"
      },
      {
        "title": "About the security content of Safari 13.0.3",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210725"
      },
      {
        "title": "About the security content of iTunes 12.10.2 for Windows",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210726"
      },
      {
        "title": "Mac \u306b\u642d\u8f09\u3055\u308c\u3066\u3044\u308b macOS \u3092\u8abf\u3079\u308b",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht201260"
      },
      {
        "title": "Apple iOS  and Apple iPadOS VoiceOver Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98679"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1292"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160210"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8775"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210603"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210724"
      },
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8775"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8750"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8765"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8747"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8785"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8797"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8786"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8798"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8787"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8803"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8816"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8820"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8794"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8788"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8803"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8815"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8766"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8735"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8789"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8804"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8816"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8775"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8793"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8805"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8710"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8819"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8782"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8794"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8807"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8743"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8820"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8783"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8795"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8811"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8747"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8821"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8784"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8797"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8812"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8750"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8822"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8785"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8798"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8813"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8764"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8823"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8786"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8802"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8814"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8765"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8787"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96749516/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8822"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8823"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8814"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8802"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8815"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8788"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8804"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8789"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8805"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8819"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8793"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8807"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8821"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8784"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8735"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8795"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht201222"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht210603"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4013/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210603"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155068/apple-security-advisory-2019-10-29-11.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154656/apple-security-advisory-2019-9-26-8.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3648/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-13-information-disclosure-via-lock-screen-contacts-30459"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-privilege-escalation-via-extensions-30466"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7152"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8706"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8773"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8752"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8751"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8809"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8763"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8799"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "PACKETSTORM",
        "id": "155065"
      },
      {
        "db": "PACKETSTORM",
        "id": "155068"
      },
      {
        "db": "PACKETSTORM",
        "id": "154656"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1292"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-160210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "db": "PACKETSTORM",
        "id": "155065"
      },
      {
        "db": "PACKETSTORM",
        "id": "155068"
      },
      {
        "db": "PACKETSTORM",
        "id": "154656"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1292"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160210"
      },
      {
        "date": "2019-11-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "date": "2019-11-01T17:10:20",
        "db": "PACKETSTORM",
        "id": "155065"
      },
      {
        "date": "2019-11-01T17:11:25",
        "db": "PACKETSTORM",
        "id": "155068"
      },
      {
        "date": "2019-09-29T18:22:22",
        "db": "PACKETSTORM",
        "id": "154656"
      },
      {
        "date": "2019-12-18T18:15:40.270000",
        "db": "NVD",
        "id": "CVE-2019-8775"
      },
      {
        "date": "2019-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1292"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160210"
      },
      {
        "date": "2020-01-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2019-8775"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1292"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Updates to product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011304"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1292"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2019-AVI-539

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une exécution de code arbitraire à distance, un déni de service ou un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 6.1
Apple	N/A	tvOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 10 versions antérieures à 11.0
Apple	Safari	Safari versions antérieures à 13.0.3
Apple	N/A	iOS versions antérieures à 13.2
Apple	N/A	iPadOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 7 versions antérieures à 7.15
Apple	N/A	iTunes versions antérieures à 12.10.2
Apple	macOS	macOS Catalina versions antérieures à 10.15.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 28, 29 et 30 octobre 2019	None	vendor-advisory
Bulletin de sécurité Apple MacOS du 29 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 11.0 du 30 octobre 2019	-	other
Bulletin de sécurité iOS et iPadOS du 28 octobre 2019	-	other
Bulletin de sécurité Apple tvOS du 28 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 7.15 du 30 octobre 2019	-	other
Bulletin de sécurité Safari du 28 octobre 2019	-	other
Bulletin de sécurité iTunes du 30 octobre 2019	-	other
Bulletin de sécurité Apple WatchOS du 29 octobre 2019	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 10 versions ant\u00e9rieures \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.0.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 7 versions ant\u00e9rieures \u00e0 7.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8788"
    },
    {
      "name": "CVE-2019-8764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8764"
    },
    {
      "name": "CVE-2019-8793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8793"
    },
    {
      "name": "CVE-2019-8715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8715"
    },
    {
      "name": "CVE-2019-8747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8747"
    },
    {
      "name": "CVE-2018-12153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12153"
    },
    {
      "name": "CVE-2019-8767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8767"
    },
    {
      "name": "CVE-2019-8813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8813"
    },
    {
      "name": "CVE-2019-8736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8736"
    },
    {
      "name": "CVE-2019-8756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8756"
    },
    {
      "name": "CVE-2019-8808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8808"
    },
    {
      "name": "CVE-2019-8815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8815"
    },
    {
      "name": "CVE-2019-8807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8807"
    },
    {
      "name": "CVE-2019-8765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8765"
    },
    {
      "name": "CVE-2019-8710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8710"
    },
    {
      "name": "CVE-2019-8509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8509"
    },
    {
      "name": "CVE-2017-7152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7152"
    },
    {
      "name": "CVE-2019-8794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8794"
    },
    {
      "name": "CVE-2019-8804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8804"
    },
    {
      "name": "CVE-2019-8706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8706"
    },
    {
      "name": "CVE-2019-8785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8785"
    },
    {
      "name": "CVE-2019-8708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8708"
    },
    {
      "name": "CVE-2019-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8743"
    },
    {
      "name": "CVE-2019-8749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8749"
    },
    {
      "name": "CVE-2019-8775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8775"
    },
    {
      "name": "CVE-2019-8716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8716"
    },
    {
      "name": "CVE-2019-8812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8812"
    },
    {
      "name": "CVE-2019-8802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8802"
    },
    {
      "name": "CVE-2019-8784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8784"
    },
    {
      "name": "CVE-2019-8737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8737"
    },
    {
      "name": "CVE-2019-8821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8821"
    },
    {
      "name": "CVE-2019-8820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8820"
    },
    {
      "name": "CVE-2019-8795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8795"
    },
    {
      "name": "CVE-2019-8766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8766"
    },
    {
      "name": "CVE-2019-8816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8816"
    },
    {
      "name": "CVE-2019-8819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8819"
    },
    {
      "name": "CVE-2019-8789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8789"
    },
    {
      "name": "CVE-2019-8759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8759"
    },
    {
      "name": "CVE-2019-8744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8744"
    },
    {
      "name": "CVE-2019-8822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8822"
    },
    {
      "name": "CVE-2019-8801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8801"
    },
    {
      "name": "CVE-2019-8803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8803"
    },
    {
      "name": "CVE-2019-8783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8783"
    },
    {
      "name": "CVE-2019-8805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8805"
    },
    {
      "name": "CVE-2019-8750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8750"
    },
    {
      "name": "CVE-2018-12152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12152"
    },
    {
      "name": "CVE-2019-8786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8786"
    },
    {
      "name": "CVE-2019-8787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8787"
    },
    {
      "name": "CVE-2019-8823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8823"
    },
    {
      "name": "CVE-2019-8798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8798"
    },
    {
      "name": "CVE-2019-8817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8817"
    },
    {
      "name": "CVE-2019-8761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8761"
    },
    {
      "name": "CVE-2019-8814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8814"
    },
    {
      "name": "CVE-2019-8797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8797"
    },
    {
      "name": "CVE-2018-12154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12154"
    },
    {
      "name": "CVE-2019-8811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8811"
    },
    {
      "name": "CVE-2019-8782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8782"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple MacOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210722"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 11.0 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210727"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iOS et iPadOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210721"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple tvOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210723"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 7.15 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210728"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Safari du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210725"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iTunes du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210726"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple WatchOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210724"
    }
  ],
  "reference": "CERTFR-2019-AVI-539",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-30T00:00:00.000000"
    },
    {
      "description": "Rajout des avis pour Safari, iOS, iPadOS, tvOS, iTunes et iCloud",
      "revision_date": "2019-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une ex\u00e9cution de code arbitraire \u00e0\ndistance, un d\u00e9ni de service ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 28, 29 et 30 octobre 2019",
      "url": null
    }
  ]
}

CERTFR-2019-AVI-539

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 6.1
Apple	N/A	tvOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 10 versions antérieures à 11.0
Apple	Safari	Safari versions antérieures à 13.0.3
Apple	N/A	iOS versions antérieures à 13.2
Apple	N/A	iPadOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 7 versions antérieures à 7.15
Apple	N/A	iTunes versions antérieures à 12.10.2
Apple	macOS	macOS Catalina versions antérieures à 10.15.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 28, 29 et 30 octobre 2019	None	vendor-advisory
Bulletin de sécurité Apple MacOS du 29 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 11.0 du 30 octobre 2019	-	other
Bulletin de sécurité iOS et iPadOS du 28 octobre 2019	-	other
Bulletin de sécurité Apple tvOS du 28 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 7.15 du 30 octobre 2019	-	other
Bulletin de sécurité Safari du 28 octobre 2019	-	other
Bulletin de sécurité iTunes du 30 octobre 2019	-	other
Bulletin de sécurité Apple WatchOS du 29 octobre 2019	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 10 versions ant\u00e9rieures \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.0.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 7 versions ant\u00e9rieures \u00e0 7.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8788"
    },
    {
      "name": "CVE-2019-8764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8764"
    },
    {
      "name": "CVE-2019-8793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8793"
    },
    {
      "name": "CVE-2019-8715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8715"
    },
    {
      "name": "CVE-2019-8747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8747"
    },
    {
      "name": "CVE-2018-12153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12153"
    },
    {
      "name": "CVE-2019-8767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8767"
    },
    {
      "name": "CVE-2019-8813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8813"
    },
    {
      "name": "CVE-2019-8736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8736"
    },
    {
      "name": "CVE-2019-8756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8756"
    },
    {
      "name": "CVE-2019-8808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8808"
    },
    {
      "name": "CVE-2019-8815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8815"
    },
    {
      "name": "CVE-2019-8807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8807"
    },
    {
      "name": "CVE-2019-8765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8765"
    },
    {
      "name": "CVE-2019-8710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8710"
    },
    {
      "name": "CVE-2019-8509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8509"
    },
    {
      "name": "CVE-2017-7152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7152"
    },
    {
      "name": "CVE-2019-8794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8794"
    },
    {
      "name": "CVE-2019-8804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8804"
    },
    {
      "name": "CVE-2019-8706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8706"
    },
    {
      "name": "CVE-2019-8785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8785"
    },
    {
      "name": "CVE-2019-8708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8708"
    },
    {
      "name": "CVE-2019-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8743"
    },
    {
      "name": "CVE-2019-8749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8749"
    },
    {
      "name": "CVE-2019-8775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8775"
    },
    {
      "name": "CVE-2019-8716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8716"
    },
    {
      "name": "CVE-2019-8812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8812"
    },
    {
      "name": "CVE-2019-8802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8802"
    },
    {
      "name": "CVE-2019-8784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8784"
    },
    {
      "name": "CVE-2019-8737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8737"
    },
    {
      "name": "CVE-2019-8821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8821"
    },
    {
      "name": "CVE-2019-8820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8820"
    },
    {
      "name": "CVE-2019-8795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8795"
    },
    {
      "name": "CVE-2019-8766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8766"
    },
    {
      "name": "CVE-2019-8816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8816"
    },
    {
      "name": "CVE-2019-8819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8819"
    },
    {
      "name": "CVE-2019-8789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8789"
    },
    {
      "name": "CVE-2019-8759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8759"
    },
    {
      "name": "CVE-2019-8744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8744"
    },
    {
      "name": "CVE-2019-8822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8822"
    },
    {
      "name": "CVE-2019-8801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8801"
    },
    {
      "name": "CVE-2019-8803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8803"
    },
    {
      "name": "CVE-2019-8783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8783"
    },
    {
      "name": "CVE-2019-8805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8805"
    },
    {
      "name": "CVE-2019-8750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8750"
    },
    {
      "name": "CVE-2018-12152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12152"
    },
    {
      "name": "CVE-2019-8786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8786"
    },
    {
      "name": "CVE-2019-8787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8787"
    },
    {
      "name": "CVE-2019-8823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8823"
    },
    {
      "name": "CVE-2019-8798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8798"
    },
    {
      "name": "CVE-2019-8817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8817"
    },
    {
      "name": "CVE-2019-8761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8761"
    },
    {
      "name": "CVE-2019-8814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8814"
    },
    {
      "name": "CVE-2019-8797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8797"
    },
    {
      "name": "CVE-2018-12154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12154"
    },
    {
      "name": "CVE-2019-8811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8811"
    },
    {
      "name": "CVE-2019-8782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8782"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple MacOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210722"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 11.0 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210727"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iOS et iPadOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210721"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple tvOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210723"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 7.15 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210728"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Safari du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210725"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iTunes du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210726"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple WatchOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210724"
    }
  ],
  "reference": "CERTFR-2019-AVI-539",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-30T00:00:00.000000"
    },
    {
      "description": "Rajout des avis pour Safari, iOS, iPadOS, tvOS, iTunes et iCloud",
      "revision_date": "2019-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une ex\u00e9cution de code arbitraire \u00e0\ndistance, un d\u00e9ni de service ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 28, 29 et 30 octobre 2019",
      "url": null
    }
  ]
}

FKIE_CVE-2019-8775

Vulnerability from fkie_nvd - Published: 2019-12-18 18:15 - Updated: 2024-11-21 04:50

Severity ?

2.4 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT210603	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT210724	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210603	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210724	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1B56C2A-63FE-410E-96A2-AA757E55086D",
              "versionEndExcluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74FC47CB-6F80-4521-BE54-47B5630FF496",
              "versionEndExcluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "277FA1BB-BB95-49DD-B50C-00F4BEE9DDE1",
              "versionEndExcluding": "6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen."
    },
    {
      "lang": "es",
      "value": "El problema fue abordado restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema es corregido en iOS versi\u00f3n 13.1 y iPadOS versi\u00f3n 13.1. Una persona con acceso f\u00edsico a un dispositivo con iOS puede acceder a los contactos desde la pantalla de bloqueo."
    }
  ],
  "id": "CVE-2019-8775",
  "lastModified": "2024-11-21T04:50:27.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "LOW",
          "baseScore": 2.4,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-18T18:15:40.270",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210603"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210724"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-8775

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-8775

Aliases

CVE-2019-8775

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-8775",
    "description": "The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.",
    "id": "GSD-2019-8775"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-8775"
      ],
      "details": "The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.",
      "id": "GSD-2019-8775",
      "modified": "2023-12-13T01:23:48.042213Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-8775",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iOS 13.1 and iPadOS 13.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A person with physical access to an iOS device may be able to access contacts from the lock screen"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT210724",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT210724"
          },
          {
            "name": "https://support.apple.com/HT210603",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT210603"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8775"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210603",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT210603"
            },
            {
              "name": "https://support.apple.com/HT210724",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT210724"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2019-12-18T18:15Z"
    }
  }
}

GHSA-RW6H-8VFV-6RM7

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-8775"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-18T18:15:00Z",
    "severity": "LOW"
  },
  "details": "The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.",
  "id": "GHSA-rw6h-8vfv-6rm7",
  "modified": "2022-05-24T17:04:34Z",
  "published": "2022-05-24T17:04:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8775"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT210603"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT210724"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2019-37179

Vulnerability from cnvd - Published: 2019-10-25

Title

Apple iOS和Apple iPadOS VoiceOver组件锁屏绕过漏洞

Description

Apple iOS和Apple iPadOS都是美国苹果（Apple）公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。VoiceOver是其中的一个语音辅助组件。 Apple iOS 13.1之前版本和iPadOS 13.1之前版本中的VoiceOver组件存在锁屏绕过漏洞，物理位置临近的攻击者可利用该漏洞从锁屏的设备上访问通讯录。

Severity

低

Patch Name

Apple iOS和Apple iPadOS VoiceOver组件锁屏绕过漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/zh-cn/HT210603

Reference

https://support.apple.com/en-au/HT210603 https://www.auscert.org.au/bulletins/ESB-2019.3648/

Impacted products

Name
['Apple IOS <13.1', 'Apple iPadOS <13.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-8775",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8775"
    }
  },
  "description": "Apple iOS\u548cApple iPadOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002VoiceOver\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8bed\u97f3\u8f85\u52a9\u7ec4\u4ef6\u3002\n\nApple iOS 13.1\u4e4b\u524d\u7248\u672c\u548ciPadOS 13.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684VoiceOver\u7ec4\u4ef6\u5b58\u5728\u9501\u5c4f\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u9501\u5c4f\u7684\u8bbe\u5907\u4e0a\u8bbf\u95ee\u901a\u8baf\u5f55\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/zh-cn/HT210603",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-37179",
  "openTime": "2019-10-25",
  "patchDescription": "Apple iOS\u548cApple iPadOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002VoiceOver\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8bed\u97f3\u8f85\u52a9\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 13.1\u4e4b\u524d\u7248\u672c\u548ciPadOS 13.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684VoiceOver\u7ec4\u4ef6\u5b58\u5728\u9501\u5c4f\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u9501\u5c4f\u7684\u8bbe\u5907\u4e0a\u8bbf\u95ee\u901a\u8baf\u5f55\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS\u548cApple iPadOS VoiceOver\u7ec4\u4ef6\u9501\u5c4f\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple IOS \u003c13.1",
      "Apple iPadOS \u003c13.1"
    ]
  },
  "referenceLink": "https://support.apple.com/en-au/HT210603\r\nhttps://www.auscert.org.au/bulletins/ESB-2019.3648/",
  "serverity": "\u4f4e",
  "submitTime": "2019-09-27",
  "title": "Apple iOS\u548cApple iPadOS VoiceOver\u7ec4\u4ef6\u9501\u5c4f\u7ed5\u8fc7\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-8775 (GCVE-0-2019-8775)

VAR-201912-0131

CERTFR-2019-AVI-539

Solution

CERTFR-2019-AVI-539

Solution

FKIE_CVE-2019-8775

GSD-2019-8775

GHSA-RW6H-8VFV-6RM7

CNVD-2019-37179

Tags

Sightings

Nomenclature