cvelistv5 - cve-2019-8779

CVE-2019-8779 (GCVE-0-2019-8779)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31

Summary

Severity ?

No CVSS data available.

CWE

Third party app extensions may not receive the correct sandbox restrictions

Assigner

apple

References

URL

Tags

https://support.apple.com/HT210624

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apple	iOS	Affected: unspecified , < iOS 13.1.1 and iPadOS 13.1.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210624"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 13.1.1 and iPadOS 13.1.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Third party app extensions may not receive the correct sandbox restrictions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:33:22",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210624"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 13.1.1 and iPadOS 13.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Third party app extensions may not receive the correct sandbox restrictions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210624",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210624"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8779",
    "datePublished": "2019-12-18T17:33:22",
    "dateReserved": "2019-02-18T00:00:00",
    "dateUpdated": "2024-08-04T21:31:37.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.1.1\", \"matchCriteriaId\": \"05CE1E0C-3D1E-4661-8011-E231D9E5113B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.1.1\", \"matchCriteriaId\": \"F6124AFA-93F3-4C04-A155-EB215733C5CF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.\"}, {\"lang\": \"es\", \"value\": \"Un problema l\\u00f3gico aplic\\u00f3 las restricciones incorrectas. Este problema fue abordado actualizando la l\\u00f3gica para aplicar las restricciones correctas. Este problema es corregido en iOS versi\\u00f3n 13.1.1 y iPadOS versi\\u00f3n 13.1.1. Las extensiones de aplicaciones de terceros pueden no recibir las restricciones de sandbox correctas.\"}]",
      "id": "CVE-2019-8779",
      "lastModified": "2024-11-21T04:50:27.503",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-12-18T18:15:40.397",
      "references": "[{\"url\": \"https://support.apple.com/HT210624\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT210624\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-668\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-8779\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-12-18T18:15:40.397\",\"lastModified\":\"2024-11-21T04:50:27.503\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.\"},{\"lang\":\"es\",\"value\":\"Un problema l\u00f3gico aplic\u00f3 las restricciones incorrectas. Este problema fue abordado actualizando la l\u00f3gica para aplicar las restricciones correctas. Este problema es corregido en iOS versi\u00f3n 13.1.1 y iPadOS versi\u00f3n 13.1.1. Las extensiones de aplicaciones de terceros pueden no recibir las restricciones de sandbox correctas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.1.1\",\"matchCriteriaId\":\"05CE1E0C-3D1E-4661-8011-E231D9E5113B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.1.1\",\"matchCriteriaId\":\"F6124AFA-93F3-4C04-A155-EB215733C5CF\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT210624\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2019-8779

Vulnerability from fkie_nvd - Published: 2019-12-18 18:15 - Updated: 2024-11-21 04:50

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	product-security@apple.com	https://support.apple.com/HT210624	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210624	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	ipados	*
	apple	iphone_os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CE1E0C-3D1E-4661-8011-E231D9E5113B",
              "versionEndExcluding": "13.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6124AFA-93F3-4C04-A155-EB215733C5CF",
              "versionEndExcluding": "13.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions."
    },
    {
      "lang": "es",
      "value": "Un problema l\u00f3gico aplic\u00f3 las restricciones incorrectas. Este problema fue abordado actualizando la l\u00f3gica para aplicar las restricciones correctas. Este problema es corregido en iOS versi\u00f3n 13.1.1 y iPadOS versi\u00f3n 13.1.1. Las extensiones de aplicaciones de terceros pueden no recibir las restricciones de sandbox correctas."
    }
  ],
  "id": "CVE-2019-8779",
  "lastModified": "2024-11-21T04:50:27.503",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-18T18:15:40.397",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210624"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2019-AVI-473

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Apple iOS et iPadOS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	iOS versions antérieures à 13.1.1
	Apple	N/A	iPadOS versions antérieures à 13.1.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 27 septembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8779"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-473",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-09-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Apple iOS et iPadOS. Elle permet\n\u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apple iOS et iPadOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 27 septembre 2019",
      "url": "https://support.apple.com/en-us/HT210624"
    }
  ]
}

CERTFR-2019-AVI-473

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Apple iOS et iPadOS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	iOS versions antérieures à 13.1.1
	Apple	N/A	iPadOS versions antérieures à 13.1.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 27 septembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8779"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-473",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-09-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Apple iOS et iPadOS. Elle permet\n\u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apple iOS et iPadOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 27 septembre 2019",
      "url": "https://support.apple.com/en-us/HT210624"
    }
  ]
}

GHSA-R3VC-W727-947P

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-8779"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-18T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.",
  "id": "GHSA-r3vc-w727-947p",
  "modified": "2022-05-24T17:04:34Z",
  "published": "2022-05-24T17:04:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8779"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT210624"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2019-37183

Vulnerability from cnvd - Published: 2019-10-25

Title

Apple iOS和iPadOS Sandbox组件存在未明漏洞

Description

Apple iOS和Apple iPadOS都是美国苹果（Apple）公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。Sandbox是其中的一个沙盒组件。 Apple iOS 13.1.1之前版本和iPadOS 13.1.1之前版本中的Sandbox组件存在安全漏洞。攻击者可利用该漏洞绕过沙盒限制。

Severity

中

Patch Name

Apple iOS和iPadOS Sandbox组件存在未明漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/zh-cn/HT210624

Reference

https://support.apple.com/en-au/HT210624 https://www.auscert.org.au/bulletins/ESB-2019.3665/

Impacted products

Name
['Apple iPadOS <13.1.1', 'Apple IOS <13.1.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-8779",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8779"
    }
  },
  "description": "Apple iOS\u548cApple iPadOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Sandbox\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6c99\u76d2\u7ec4\u4ef6\u3002\n\nApple iOS 13.1.1\u4e4b\u524d\u7248\u672c\u548ciPadOS 13.1.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684Sandbox\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u6c99\u76d2\u9650\u5236\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/zh-cn/HT210624",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-37183",
  "openTime": "2019-10-25",
  "patchDescription": "Apple iOS\u548cApple iPadOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Sandbox\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6c99\u76d2\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 13.1.1\u4e4b\u524d\u7248\u672c\u548ciPadOS 13.1.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684Sandbox\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u6c99\u76d2\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS\u548ciPadOS Sandbox\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple iPadOS \u003c13.1.1",
      "Apple IOS \u003c13.1.1"
    ]
  },
  "referenceLink": "https://support.apple.com/en-au/HT210624\r\nhttps://www.auscert.org.au/bulletins/ESB-2019.3665/",
  "serverity": "\u4e2d",
  "submitTime": "2019-09-30",
  "title": "Apple iOS\u548ciPadOS Sandbox\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

VAR-201912-0132

Vulnerability from variot - Updated: 2023-12-18 13:33

A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Sandbox is one of the sandbox components. A security vulnerability exists in the Sandbox component in Apple iOS versions prior to 13.1.1 and iPadOS versions prior to 13.1.1. An attacker could exploit this vulnerability to bypass sandbox restrictions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-9-27-1 iOS 13.1.1 and iPadOS 13.1.1

iOS 13.1.1 and iPadOS 13.1.1 are now available and address the following:

Sandbox Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Third party app extensions may not receive the correct sandbox restrictions Description: A logic issue applied the incorrect restrictions. CVE-2019-8779: Apple

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 13.1.1 and iPadOS 13.1.1".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2OQv8ACgkQBz4uGe3y 0M0khhAAlJIPFCMoN9t7dBGCAv7pAN/DB4vdQQe0GMf4wRI9gYWEZCZs5GGl3DWl lki8MyOl4kImWJrgYdK+muLCFo4oMhm2ieAyPYau14n/4ZBITe/PIP3JQT0jn+BA mtY+H2Lf1fACX49bNjpkIC0j05r4JGk7yggki0IOIkUyaoFCmCUNR8fV7clP8RK1 UUvo4scZ90axMMk4YzCqAEnHTeoUhqaYyCXirUThpMHhsZjbRbUQ497OOQ1B/N5W QSx0fsor2N6XvHA7g0dR4XrM+4U3xQgsdyQabMoqZG4Ua9UBnZ5n0kQi53kwLKWL wJtNb9VB27MvnwE4WmoHJcJPqXDE/4RaXV1Vd6m/0LGlRIHQRragKHzfYJSUhZ80 xd8H/E9yisSWGfflRziw5haPAatPKNvkHEy7kwC2/skbQ4vpb/CXnToiNIsSBnDl vn+wdjeW1gcnl2+q+BrhTPU2/wSxl3jUncjfNpq6LPzk+O3m9IN3Q6MTib4xkfZo poNmT0qCcTIK+7BZ3j5INP51ZCz7n9otD3l7LEI7dcb0bP2rM9yZZfdLILsNOyXc uAS6IFoq4Gwclma3rYbD2mgKPu94DQWTsiSBS3ZqSk+mc4cKphNc2U0Qq9Li31zB EEbk4iAT3QemSf7aAII5VhfRE+UOQ69JdIwJvIiN/tA3t4VsibQ= =12Lw -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0132",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.1.1"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.1.1"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.1.1 earlier"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.1.1 earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009768"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8779"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8779"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1335"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-8779",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-160214",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-8779",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-8779",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-1335",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-160214",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-8779",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160214"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8779"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8779"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1335"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Sandbox is one of the sandbox components. A security vulnerability exists in the Sandbox component in Apple iOS versions prior to 13.1.1 and iPadOS versions prior to 13.1.1. An attacker could exploit this vulnerability to bypass sandbox restrictions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-9-27-1 iOS 13.1.1 and iPadOS 13.1.1\n\niOS 13.1.1 and iPadOS 13.1.1 are now available and address the\nfollowing:\n\nSandbox\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Third party app extensions may not receive the correct\nsandbox restrictions\nDescription: A logic issue applied the incorrect restrictions. \nCVE-2019-8779: Apple\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13.1.1 and iPadOS 13.1.1\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2OQv8ACgkQBz4uGe3y\n0M0khhAAlJIPFCMoN9t7dBGCAv7pAN/DB4vdQQe0GMf4wRI9gYWEZCZs5GGl3DWl\nlki8MyOl4kImWJrgYdK+muLCFo4oMhm2ieAyPYau14n/4ZBITe/PIP3JQT0jn+BA\nmtY+H2Lf1fACX49bNjpkIC0j05r4JGk7yggki0IOIkUyaoFCmCUNR8fV7clP8RK1\nUUvo4scZ90axMMk4YzCqAEnHTeoUhqaYyCXirUThpMHhsZjbRbUQ497OOQ1B/N5W\nQSx0fsor2N6XvHA7g0dR4XrM+4U3xQgsdyQabMoqZG4Ua9UBnZ5n0kQi53kwLKWL\nwJtNb9VB27MvnwE4WmoHJcJPqXDE/4RaXV1Vd6m/0LGlRIHQRragKHzfYJSUhZ80\nxd8H/E9yisSWGfflRziw5haPAatPKNvkHEy7kwC2/skbQ4vpb/CXnToiNIsSBnDl\nvn+wdjeW1gcnl2+q+BrhTPU2/wSxl3jUncjfNpq6LPzk+O3m9IN3Q6MTib4xkfZo\npoNmT0qCcTIK+7BZ3j5INP51ZCz7n9otD3l7LEI7dcb0bP2rM9yZZfdLILsNOyXc\nuAS6IFoq4Gwclma3rYbD2mgKPu94DQWTsiSBS3ZqSk+mc4cKphNc2U0Qq9Li31zB\nEEbk4iAT3QemSf7aAII5VhfRE+UOQ69JdIwJvIiN/tA3t4VsibQ=\n=12Lw\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009768"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160214"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8779"
      },
      {
        "db": "PACKETSTORM",
        "id": "154670"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-8779",
        "trust": 2.7
      },
      {
        "db": "PACKETSTORM",
        "id": "154670",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91560805",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009768",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1335",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3665",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-160214",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8779",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160214"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009768"
      },
      {
        "db": "PACKETSTORM",
        "id": "154670"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8779"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1335"
      }
    ]
  },
  "id": "VAR-201912-0132",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160214"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:33:14.871000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "About the security content of iOS 13.1.1 and iPadOS 13.1.1",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210624"
      },
      {
        "title": "Apple iOS  and iPadOS Sandbox Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98725"
      },
      {
        "title": "Apple: iOS 13.1.1 and iPadOS 13.1.1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=462ffacaee7e69b7f78c458a035c55a5"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-8779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1335"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-668",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160214"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8779"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht210624"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8779"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8779"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91560805/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht210624"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154670/apple-security-advisory-2019-9-27-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3665/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210624"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/668.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht210624"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160214"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009768"
      },
      {
        "db": "PACKETSTORM",
        "id": "154670"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8779"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1335"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-160214"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009768"
      },
      {
        "db": "PACKETSTORM",
        "id": "154670"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8779"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1335"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160214"
      },
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-8779"
      },
      {
        "date": "2019-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009768"
      },
      {
        "date": "2019-09-29T18:32:22",
        "db": "PACKETSTORM",
        "id": "154670"
      },
      {
        "date": "2019-12-18T18:15:40.397000",
        "db": "NVD",
        "id": "CVE-2019-8779"
      },
      {
        "date": "2019-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1335"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160214"
      },
      {
        "date": "2019-12-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-8779"
      },
      {
        "date": "2020-01-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009768"
      },
      {
        "date": "2019-12-26T15:58:57.967000",
        "db": "NVD",
        "id": "CVE-2019-8779"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1335"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1335"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iOS and  iPadOS Update to",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009768"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1335"
      }
    ],
    "trust": 0.6
  }
}

GSD-2019-8779

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-8779

Aliases

CVE-2019-8779

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-8779",
    "description": "A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.",
    "id": "GSD-2019-8779"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-8779"
      ],
      "details": "A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.",
      "id": "GSD-2019-8779",
      "modified": "2023-12-13T01:23:48.516291Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-8779",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iOS 13.1.1 and iPadOS 13.1.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Third party app extensions may not receive the correct sandbox restrictions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT210624",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT210624"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8779"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210624",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT210624"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2019-12-26T15:58Z",
      "publishedDate": "2019-12-18T18:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-8779 (GCVE-0-2019-8779)

FKIE_CVE-2019-8779

CERTFR-2019-AVI-473

Solution

CERTFR-2019-AVI-473

Solution

GHSA-R3VC-W727-947P

CNVD-2019-37183

VAR-201912-0132

GSD-2019-8779

Tags

Sightings

Nomenclature