Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-8789 (GCVE-0-2019-8789)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31
VLAI?
EPSS
Summary
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.
Severity ?
No CVSS data available.
CWE
- Parsing a maliciously crafted iBooks file may lead to disclosure of user information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210722"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "iOS 13.2 and iPadOS 13.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "macOS Catalina 10.15.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Parsing a maliciously crafted iBooks file may lead to disclosure of user information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:23",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210722"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.2 and iPadOS 13.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.1"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Parsing a maliciously crafted iBooks file may lead to disclosure of user information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210721",
"refsource": "MISC",
"url": "https://support.apple.com/HT210721"
},
{
"name": "https://support.apple.com/HT210722",
"refsource": "MISC",
"url": "https://support.apple.com/HT210722"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8789",
"datePublished": "2019-12-18T17:33:23",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.2\", \"matchCriteriaId\": \"AD59FD8B-5C11-469A-91E8-B3EB904AB1EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.2\", \"matchCriteriaId\": \"13864229-C006-4C72-AAE3-90F009375CA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.15.1\", \"matchCriteriaId\": \"E773457A-E670-4DDA-86E2-0923C1DCD9BA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.\"}, {\"lang\": \"es\", \"value\": \"Se present\\u00f3 un problema de comprobaci\\u00f3n en el manejo de enlaces simb\\u00f3licos. Este problema fue abordado con una comprobaci\\u00f3n mejorada de los enlaces simb\\u00f3licos. Este problema es corregido en iOS versi\\u00f3n 13.2 y iPadOS versi\\u00f3n 13.2, macOS Catalina versi\\u00f3n 10.15.1. Analizar un archivo iBooks dise\\u00f1ado maliciosamente puede conllevar a una divulgaci\\u00f3n de informaci\\u00f3n del usuario.\"}]",
"id": "CVE-2019-8789",
"lastModified": "2024-11-21T04:50:28.697",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-12-18T18:15:41.520",
"references": "[{\"url\": \"https://support.apple.com/HT210721\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT210722\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT210721\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT210722\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-59\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-8789\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-12-18T18:15:41.520\",\"lastModified\":\"2024-11-21T04:50:28.697\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.\"},{\"lang\":\"es\",\"value\":\"Se present\u00f3 un problema de comprobaci\u00f3n en el manejo de enlaces simb\u00f3licos. Este problema fue abordado con una comprobaci\u00f3n mejorada de los enlaces simb\u00f3licos. Este problema es corregido en iOS versi\u00f3n 13.2 y iPadOS versi\u00f3n 13.2, macOS Catalina versi\u00f3n 10.15.1. Analizar un archivo iBooks dise\u00f1ado maliciosamente puede conllevar a una divulgaci\u00f3n de informaci\u00f3n del usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.2\",\"matchCriteriaId\":\"AD59FD8B-5C11-469A-91E8-B3EB904AB1EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.2\",\"matchCriteriaId\":\"13864229-C006-4C72-AAE3-90F009375CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.15.1\",\"matchCriteriaId\":\"E773457A-E670-4DDA-86E2-0923C1DCD9BA\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT210721\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210722\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210721\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210722\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
FKIE_CVE-2019-8789
Vulnerability from fkie_nvd - Published: 2019-12-18 18:15 - Updated: 2024-11-21 04:50
Severity ?
Summary
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/HT210721 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/HT210722 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT210721 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT210722 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59FD8B-5C11-469A-91E8-B3EB904AB1EF",
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13864229-C006-4C72-AAE3-90F009375CA5",
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E773457A-E670-4DDA-86E2-0923C1DCD9BA",
"versionEndExcluding": "10.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information."
},
{
"lang": "es",
"value": "Se present\u00f3 un problema de comprobaci\u00f3n en el manejo de enlaces simb\u00f3licos. Este problema fue abordado con una comprobaci\u00f3n mejorada de los enlaces simb\u00f3licos. Este problema es corregido en iOS versi\u00f3n 13.2 y iPadOS versi\u00f3n 13.2, macOS Catalina versi\u00f3n 10.15.1. Analizar un archivo iBooks dise\u00f1ado maliciosamente puede conllevar a una divulgaci\u00f3n de informaci\u00f3n del usuario."
}
],
"id": "CVE-2019-8789",
"lastModified": "2024-11-21T04:50:28.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-18T18:15:41.520",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT210721"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT210722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT210721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT210722"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2019-AVI-539
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une exécution de code arbitraire à distance, un déni de service ou un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | watchOS versions antérieures à 6.1 | ||
| Apple | N/A | tvOS versions antérieures à 13.2 | ||
| Apple | N/A | iCloud pour Windows 10 versions antérieures à 11.0 | ||
| Apple | Safari | Safari versions antérieures à 13.0.3 | ||
| Apple | N/A | iOS versions antérieures à 13.2 | ||
| Apple | N/A | iPadOS versions antérieures à 13.2 | ||
| Apple | N/A | iCloud pour Windows 7 versions antérieures à 7.15 | ||
| Apple | N/A | iTunes versions antérieures à 12.10.2 | ||
| Apple | macOS | macOS Catalina versions antérieures à 10.15.1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 13.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows 10 versions ant\u00e9rieures \u00e0 11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 13.0.3",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 13.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 13.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows 7 versions ant\u00e9rieures \u00e0 7.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes versions ant\u00e9rieures \u00e0 12.10.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-8788",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8788"
},
{
"name": "CVE-2019-8764",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8764"
},
{
"name": "CVE-2019-8793",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8793"
},
{
"name": "CVE-2019-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8715"
},
{
"name": "CVE-2019-8747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8747"
},
{
"name": "CVE-2018-12153",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12153"
},
{
"name": "CVE-2019-8767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8767"
},
{
"name": "CVE-2019-8813",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8813"
},
{
"name": "CVE-2019-8736",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8736"
},
{
"name": "CVE-2019-8756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8756"
},
{
"name": "CVE-2019-8808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8808"
},
{
"name": "CVE-2019-8815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8815"
},
{
"name": "CVE-2019-8807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8807"
},
{
"name": "CVE-2019-8765",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8765"
},
{
"name": "CVE-2019-8710",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8710"
},
{
"name": "CVE-2019-8509",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8509"
},
{
"name": "CVE-2017-7152",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7152"
},
{
"name": "CVE-2019-8794",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8794"
},
{
"name": "CVE-2019-8804",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8804"
},
{
"name": "CVE-2019-8706",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8706"
},
{
"name": "CVE-2019-8785",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8785"
},
{
"name": "CVE-2019-8708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8708"
},
{
"name": "CVE-2019-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8743"
},
{
"name": "CVE-2019-8749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8749"
},
{
"name": "CVE-2019-8775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8775"
},
{
"name": "CVE-2019-8716",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8716"
},
{
"name": "CVE-2019-8812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8812"
},
{
"name": "CVE-2019-8802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8802"
},
{
"name": "CVE-2019-8784",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8784"
},
{
"name": "CVE-2019-8737",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8737"
},
{
"name": "CVE-2019-8821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8821"
},
{
"name": "CVE-2019-8820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8820"
},
{
"name": "CVE-2019-8795",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8795"
},
{
"name": "CVE-2019-8766",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8766"
},
{
"name": "CVE-2019-8816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8816"
},
{
"name": "CVE-2019-8819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8819"
},
{
"name": "CVE-2019-8789",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8789"
},
{
"name": "CVE-2019-8759",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8759"
},
{
"name": "CVE-2019-8744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8744"
},
{
"name": "CVE-2019-8822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8822"
},
{
"name": "CVE-2019-8801",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8801"
},
{
"name": "CVE-2019-8803",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8803"
},
{
"name": "CVE-2019-8783",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8783"
},
{
"name": "CVE-2019-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8805"
},
{
"name": "CVE-2019-8750",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8750"
},
{
"name": "CVE-2018-12152",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12152"
},
{
"name": "CVE-2019-8786",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8786"
},
{
"name": "CVE-2019-8787",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8787"
},
{
"name": "CVE-2019-8823",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8823"
},
{
"name": "CVE-2019-8798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8798"
},
{
"name": "CVE-2019-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8817"
},
{
"name": "CVE-2019-8761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8761"
},
{
"name": "CVE-2019-8814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8814"
},
{
"name": "CVE-2019-8797",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8797"
},
{
"name": "CVE-2018-12154",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12154"
},
{
"name": "CVE-2019-8811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8811"
},
{
"name": "CVE-2019-8782",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8782"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple MacOS du 29 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210722"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 11.0 du 30 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210727"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 iOS et iPadOS du 28 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210721"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple tvOS du 28 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210723"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 7.15 du 30 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210728"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Safari du 28 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210725"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 iTunes du 30 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210726"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple WatchOS du 29 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210724"
}
],
"reference": "CERTFR-2019-AVI-539",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-30T00:00:00.000000"
},
{
"description": "Rajout des avis pour Safari, iOS, iPadOS, tvOS, iTunes et iCloud",
"revision_date": "2019-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une ex\u00e9cution de code arbitraire \u00e0\ndistance, un d\u00e9ni de service ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 28, 29 et 30 octobre 2019",
"url": null
}
]
}
CERTFR-2019-AVI-539
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une exécution de code arbitraire à distance, un déni de service ou un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | watchOS versions antérieures à 6.1 | ||
| Apple | N/A | tvOS versions antérieures à 13.2 | ||
| Apple | N/A | iCloud pour Windows 10 versions antérieures à 11.0 | ||
| Apple | Safari | Safari versions antérieures à 13.0.3 | ||
| Apple | N/A | iOS versions antérieures à 13.2 | ||
| Apple | N/A | iPadOS versions antérieures à 13.2 | ||
| Apple | N/A | iCloud pour Windows 7 versions antérieures à 7.15 | ||
| Apple | N/A | iTunes versions antérieures à 12.10.2 | ||
| Apple | macOS | macOS Catalina versions antérieures à 10.15.1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 13.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows 10 versions ant\u00e9rieures \u00e0 11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 13.0.3",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 13.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 13.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows 7 versions ant\u00e9rieures \u00e0 7.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes versions ant\u00e9rieures \u00e0 12.10.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-8788",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8788"
},
{
"name": "CVE-2019-8764",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8764"
},
{
"name": "CVE-2019-8793",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8793"
},
{
"name": "CVE-2019-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8715"
},
{
"name": "CVE-2019-8747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8747"
},
{
"name": "CVE-2018-12153",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12153"
},
{
"name": "CVE-2019-8767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8767"
},
{
"name": "CVE-2019-8813",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8813"
},
{
"name": "CVE-2019-8736",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8736"
},
{
"name": "CVE-2019-8756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8756"
},
{
"name": "CVE-2019-8808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8808"
},
{
"name": "CVE-2019-8815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8815"
},
{
"name": "CVE-2019-8807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8807"
},
{
"name": "CVE-2019-8765",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8765"
},
{
"name": "CVE-2019-8710",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8710"
},
{
"name": "CVE-2019-8509",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8509"
},
{
"name": "CVE-2017-7152",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7152"
},
{
"name": "CVE-2019-8794",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8794"
},
{
"name": "CVE-2019-8804",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8804"
},
{
"name": "CVE-2019-8706",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8706"
},
{
"name": "CVE-2019-8785",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8785"
},
{
"name": "CVE-2019-8708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8708"
},
{
"name": "CVE-2019-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8743"
},
{
"name": "CVE-2019-8749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8749"
},
{
"name": "CVE-2019-8775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8775"
},
{
"name": "CVE-2019-8716",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8716"
},
{
"name": "CVE-2019-8812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8812"
},
{
"name": "CVE-2019-8802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8802"
},
{
"name": "CVE-2019-8784",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8784"
},
{
"name": "CVE-2019-8737",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8737"
},
{
"name": "CVE-2019-8821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8821"
},
{
"name": "CVE-2019-8820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8820"
},
{
"name": "CVE-2019-8795",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8795"
},
{
"name": "CVE-2019-8766",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8766"
},
{
"name": "CVE-2019-8816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8816"
},
{
"name": "CVE-2019-8819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8819"
},
{
"name": "CVE-2019-8789",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8789"
},
{
"name": "CVE-2019-8759",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8759"
},
{
"name": "CVE-2019-8744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8744"
},
{
"name": "CVE-2019-8822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8822"
},
{
"name": "CVE-2019-8801",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8801"
},
{
"name": "CVE-2019-8803",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8803"
},
{
"name": "CVE-2019-8783",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8783"
},
{
"name": "CVE-2019-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8805"
},
{
"name": "CVE-2019-8750",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8750"
},
{
"name": "CVE-2018-12152",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12152"
},
{
"name": "CVE-2019-8786",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8786"
},
{
"name": "CVE-2019-8787",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8787"
},
{
"name": "CVE-2019-8823",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8823"
},
{
"name": "CVE-2019-8798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8798"
},
{
"name": "CVE-2019-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8817"
},
{
"name": "CVE-2019-8761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8761"
},
{
"name": "CVE-2019-8814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8814"
},
{
"name": "CVE-2019-8797",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8797"
},
{
"name": "CVE-2018-12154",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12154"
},
{
"name": "CVE-2019-8811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8811"
},
{
"name": "CVE-2019-8782",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8782"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple MacOS du 29 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210722"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 11.0 du 30 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210727"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 iOS et iPadOS du 28 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210721"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple tvOS du 28 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210723"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 7.15 du 30 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210728"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Safari du 28 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210725"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 iTunes du 30 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210726"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple WatchOS du 29 octobre 2019",
"url": "https://support.apple.com/fr-fr/HT210724"
}
],
"reference": "CERTFR-2019-AVI-539",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-30T00:00:00.000000"
},
{
"description": "Rajout des avis pour Safari, iOS, iPadOS, tvOS, iTunes et iCloud",
"revision_date": "2019-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une ex\u00e9cution de code arbitraire \u00e0\ndistance, un d\u00e9ni de service ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 28, 29 et 30 octobre 2019",
"url": null
}
]
}
CNVD-2019-41301
Vulnerability from cnvd - Published: 2019-11-19
VLAI Severity ?
Title
多款Apple产品Books组件存在未明漏洞
Description
Apple iOS等都是美国苹果(Apple)公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。Apple macOS Catalina是一套专为Mac计算机所开发的专用操作系统。Books是其中的一个电子书组件。
Apple macOS Catalina 10.15.1之前版本、iOS 13.2之前版本和iPadOS 13.2之前版本的Books组件中符号链接的处理存在安全漏洞,攻击者可借助恶意制作的iBooks文件利用该漏洞泄露用户信息。
Severity
中
Patch Name
多款Apple产品Books组件存在未明漏洞的补丁
Patch Description
Apple iOS等都是美国苹果(Apple)公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。Apple macOS Catalina是一套专为Mac计算机所开发的专用操作系统。Books是其中的一个电子书组件。
Apple macOS Catalina 10.15.1之前版本、iOS 13.2之前版本和iPadOS 13.2之前版本的Books组件中符号链接的处理存在安全漏洞,攻击者可借助恶意制作的iBooks文件利用该漏洞泄露用户信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://support.apple.com/zh-cn/HT210721
Reference
https://vigilance.fr/vulnerability/Apple-macOS-multiple-vulnerabilities-30747
https://packetstormsecurity.com/files/155067/Apple-Security-Advisory-2019-10-29-2.html
https://www.auscert.org.au/bulletins/ESB-2019.4010/
Impacted products
| Name | ['Apple Apple macOS Catalina <10.15.1', 'Apple iOS <13.2', 'Apple iPadOS <13.2'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-8789"
}
},
"description": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS Catalina\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Books\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7535\u5b50\u4e66\u7ec4\u4ef6\u3002\n\nApple macOS Catalina 10.15.1\u4e4b\u524d\u7248\u672c\u3001iOS 13.2\u4e4b\u524d\u7248\u672c\u548ciPadOS 13.2\u4e4b\u524d\u7248\u672c\u7684Books\u7ec4\u4ef6\u4e2d\u7b26\u53f7\u94fe\u63a5\u7684\u5904\u7406\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u5236\u4f5c\u7684iBooks\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u7528\u6237\u4fe1\u606f\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/zh-cn/HT210721",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-41301",
"openTime": "2019-11-19",
"patchDescription": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS Catalina\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Books\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7535\u5b50\u4e66\u7ec4\u4ef6\u3002\r\n\r\nApple macOS Catalina 10.15.1\u4e4b\u524d\u7248\u672c\u3001iOS 13.2\u4e4b\u524d\u7248\u672c\u548ciPadOS 13.2\u4e4b\u524d\u7248\u672c\u7684Books\u7ec4\u4ef6\u4e2d\u7b26\u53f7\u94fe\u63a5\u7684\u5904\u7406\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u5236\u4f5c\u7684iBooks\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u7528\u6237\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eApple\u4ea7\u54c1Books\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Apple Apple macOS Catalina \u003c10.15.1",
"Apple iOS \u003c13.2",
"Apple iPadOS \u003c13.2"
]
},
"referenceLink": "https://vigilance.fr/vulnerability/Apple-macOS-multiple-vulnerabilities-30747\r\nhttps://packetstormsecurity.com/files/155067/Apple-Security-Advisory-2019-10-29-2.html\r\nhttps://www.auscert.org.au/bulletins/ESB-2019.4010/",
"serverity": "\u4e2d",
"submitTime": "2019-11-05",
"title": "\u591a\u6b3eApple\u4ea7\u54c1Books\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}
VAR-201912-0139
Vulnerability from variot - Updated: 2023-12-18 10:43A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Books is one of the e-book components. A security vulnerability exists in the handling of symbolic links in the Books component of Apple macOS Catalina versions prior to 10.15.1, iOS versions prior to 13.2, and iPadOS versions prior to 13.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra
macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra are now available and address the following:
Accounts Available for: macOS Catalina 10.15 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt
App Store Available for: macOS Catalina 10.15 Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials. CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu)
AppleGraphicsControl Available for: macOS Catalina 10.15 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8817: Arash Tohidi
AppleGraphicsControl Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8716: Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group, Zhuo Liang of Qihoo 360 Vulcan Team
Associated Domains Available for: macOS Catalina 10.15 Impact: Improper URL processing may lead to data exfiltration Description: An issue existed in the parsing of URLs. CVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli Rikama of Zero Keyboard Ltd
Audio Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab
Audio Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven
Contacts Available for: macOS Catalina 10.15 Impact: Processing a maliciously contact may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)
CUPS Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An input validation issue was addressed with improved input validation. CVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)
CUPS Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2019-8767: Stephen Zeisberg
CUPS Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)
File Quarantine Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A malicious application may be able to elevate privileges Description: This issue was addressed by removing the vulnerable code. CVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs
File System Events Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero Day Initiative
Graphics Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Processing a malicious shader may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-12152: Piotr Bania of Cisco Talos CVE-2018-12153: Piotr Bania of Cisco Talos CVE-2018-12154: Piotr Bania of Cisco Talos
Graphics Driver Available for: macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC
Intel Graphics Driver Available for: macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8807: Yu Wang of Didi Research America
IOGraphics Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8759: another of 360 Nirvan Team
iTunes Available for: macOS Catalina 10.15 Impact: Running the iTunes installer in an untrusted directory may result in arbitrary code execution Description: A dynamic library loading issue existed in iTunes setup. CVE-2019-8801: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
Kernel Available for: macOS Catalina 10.15 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8786: an anonymous researcher
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A malicious application may be able to determine kernel memory layout Description: A memory corruption issue existed in the handling of IPv6 packets. CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team
libxml2 Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Multiple issues in libxml2 Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8749: found by OSS-Fuzz CVE-2019-8756: found by OSS-Fuzz
libxslt Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Multiple issues in libxslt Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8750: found by OSS-Fuzz
manpages Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15 Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2019-8802: Csaba Fitzl (@theevilbit)
PluginKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A local user may be able to check for the existence of arbitrary files Description: A logic issue was addressed with improved restrictions. CVE-2019-8708: an anonymous researcher
PluginKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8715: an anonymous researcher
SystemExtensions Available for: macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the entitlement verification. CVE-2019-8805: Scott Knight (@sdotknight) of VMware Carbon Black TAU
UIFoundation Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2019-8761: Renee Trisberg of SpectX
Additional recognition
CFNetwork We would like to acknowledge Lily Chen of Google for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero and Jann Horn of Google Project Zero for their assistance.
libresolv We would like to acknowledge enh at Google for their assistance.
Postfix We would like to acknowledge Chris Barker of Puppet for their assistance.
Profiles We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.
python We would like to acknowledge an anonymous researcher for their assistance.
VPN We would like to acknowledge Royce Gawron of Second Son Consulting, Inc. for their assistance.
Installation note:
macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M3T5w/+ MA0oNNn6fPlkGiHHzMisKLkseGIltXgSc1v01C32qZpWoCmIzxXoDN1DZ0UC1nkh fAzFMvj25wEj14L7ZXOOqaLFgf+e3ZGzius71wru92h1oaYMkspO1A0I6jPOXUU0 EtZfy6RECv7Ees4Zvj5EWXO0Xqpk2fVyEN4f/sGLtlHRkv1Do9ge6pX3JyXynF+f M0jSntJYBFMuzIX2LZFdbTgtcNhsVMhUlztz3SKbA+JF6IxertPSp9mOxaEtGnYj LgvSy9EVn98XBRt7rS8zrXCBi1OrTV21RE2HY+Twv+8lSSMRsjo6+KW7sPYd3KDy esY0zfIkZ1VSSw/sb0kBalkl/rjLeBkSsBlLiA9uWEvkH9uDNVuo4WzDIN6a89hs Zb2Aj4VjlLlKRKXRmLmpq7TkUQTVxWNMUdHttHUa/k0ODWviH/CbCKhrv0GKB9+X EOXG65J+qCzq07MPgQG/JWCFbpVVOqQyXOuKCwrDl1LIb15WMxy8vFApEcJAsrvB Z9if9NDnJxTWo9gQUcrZHrFm/humsTc+YSPSDovfIEYwbx99LkOWdnK5kiTqodxW SMQyXhAWeZqL8zzxkFjXnodsnmVXvldFVMHjqPdXuXnn6ythU4UPedklPC50bH9G Ofniqz3XXmySfVDFNFyfODEsvnoTxmGiUyJzAxAM+JM= =fvfR -----END PGP SIGNATURE-----
. CVE-2019-8786: an anonymous researcher
Screen Time Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local user may be able to record the screen without a visible screen recording indicator Description: A consistency issue existed in deciding when to show the screen recording indicator. CVE-2019-8793: Ryan Jenkins of Lake Forrest Prep School
Setup Assistant Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An inconsistency in Wi-Fi network configuration settings was addressed. CVE-2019-8782: Cheolung Lee of LINE+ Security Team CVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team CVE-2019-8808: found by OSS-Fuzz CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech CVE-2019-8812: an anonymous researcher CVE-2019-8814: Cheolung Lee of LINE+ Security Team CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech CVE-2019-8819: Cheolung Lee of LINE+ Security Team CVE-2019-8820: Samuel Groß of Google Project Zero CVE-2019-8821: Sergei Glazunov of Google Project Zero CVE-2019-8822: Sergei Glazunov of Google Project Zero CVE-2019-8823: Sergei Glazunov of Google Project Zero
WebKit Process Model Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 13.2 and iPadOS 13.2"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0139",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.1"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.2"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.2"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 11.0 earlier"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.15 earlier"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.2 earlier"
},
{
"model": "ipados",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.2 earlier"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.10.2 for windows earlier"
},
{
"model": "macos catalina",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.15.1 earlier"
},
{
"model": "macos high sierra",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.13.6 (security update 2019-006 not applied )"
},
{
"model": "macos mojave",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.14.6 (security update 2019-001 not applied )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.0.3 earlier"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13.2 earlier"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.1 earlier"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.2 earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "NVD",
"id": "CVE-2019-8789"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8789"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "155067"
},
{
"db": "PACKETSTORM",
"id": "155058"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1743"
}
],
"trust": 0.8
},
"cve": "CVE-2019-8789",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-160224",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-8789",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-8789",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1743",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-160224",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-8789",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160224"
},
{
"db": "VULMON",
"id": "CVE-2019-8789"
},
{
"db": "NVD",
"id": "CVE-2019-8789"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Books is one of the e-book components. A security vulnerability exists in the handling of symbolic links in the Books component of Apple macOS Catalina versions prior to 10.15.1, iOS versions prior to 13.2, and iPadOS versions prior to 13.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update\n2019-001 Mojave, Security Update 2019-006 High Sierra\n\nmacOS Catalina 10.15.1, Security Update 2019-001 Mojave,\nSecurity Update 2019-006 High Sierra are now available and address\nthe following:\n\nAccounts\nAvailable for: macOS Catalina 10.15\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at\nTechnische Universit\u00e4t Darmstadt\n\nApp Store\nAvailable for: macOS Catalina 10.15\nImpact: A local attacker may be able to login to the account of a\npreviously logged in user without valid credentials. \nCVE-2019-8803: Kiyeon An, \ucc28\ubbfc\uaddc (CHA Minkyu)\n\nAppleGraphicsControl\nAvailable for: macOS Catalina 10.15\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2019-8817: Arash Tohidi\n\nAppleGraphicsControl\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8716: Zhiyi Zhang of Codesafe Team of Legendsec at Qi\u0027anxin\nGroup, Zhuo Liang of Qihoo 360 Vulcan Team\n\nAssociated Domains\nAvailable for: macOS Catalina 10.15\nImpact: Improper URL processing may lead to data exfiltration\nDescription: An issue existed in the parsing of URLs. \nCVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli\nRikama of Zero Keyboard Ltd\n\nAudio\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab\n\nAudio\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven\n\nContacts\nAvailable for: macOS Catalina 10.15\nImpact: Processing a maliciously contact may lead to UI spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\nCUPS\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)\n\nCUPS\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: Processing a maliciously crafted string may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2019-8767: Stephen Zeisberg\n\nCUPS\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)\n\nFile Quarantine\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: A malicious application may be able to elevate privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs\n\nFile System Events\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8798: ABC Research s.r.o. working with Trend Micro\u0027s Zero\nDay Initiative\n\nGraphics\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: Processing a malicious shader may result in unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2018-12152: Piotr Bania of Cisco Talos\nCVE-2018-12153: Piotr Bania of Cisco Talos\nCVE-2018-12154: Piotr Bania of Cisco Talos\n\nGraphics Driver\nAvailable for: macOS Catalina 10.15\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC\n\nIntel Graphics Driver\nAvailable for: macOS Catalina 10.15\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8807: Yu Wang of Didi Research America\n\nIOGraphics\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8759: another of 360 Nirvan Team\n\niTunes\nAvailable for: macOS Catalina 10.15\nImpact: Running the iTunes installer in an untrusted directory may\nresult in arbitrary code execution\nDescription: A dynamic library loading issue existed in iTunes setup. \nCVE-2019-8801: Hou JingYi (@hjy79425575) of Qihoo 360 CERT\n\nKernel\nAvailable for: macOS Catalina 10.15\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8786: an anonymous researcher\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory corruption issue existed in the handling of\nIPv6 packets. \nCVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team\n\nlibxml2\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: Multiple issues in libxml2\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8749: found by OSS-Fuzz\nCVE-2019-8756: found by OSS-Fuzz\n\nlibxslt\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: Multiple issues in libxslt\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8750: found by OSS-Fuzz\n\nmanpages\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8802: Csaba Fitzl (@theevilbit)\n\nPluginKit\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8708: an anonymous researcher\n\nPluginKit\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8715: an anonymous researcher\n\nSystemExtensions\nAvailable for: macOS Catalina 10.15\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A validation issue existed in the entitlement\nverification. \nCVE-2019-8805: Scott Knight (@sdotknight) of VMware Carbon Black TAU\n\nUIFoundation\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: Parsing a maliciously crafted text file may lead to\ndisclosure of user information\nDescription: This issue was addressed with improved checks. \nCVE-2019-8761: Renee Trisberg of SpectX\n\nAdditional recognition\n\nCFNetwork\nWe would like to acknowledge Lily Chen of Google for their\nassistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero and\nJann Horn of Google Project Zero for their assistance. \n\nlibresolv\nWe would like to acknowledge enh at Google for their assistance. \n\nPostfix\nWe would like to acknowledge Chris Barker of Puppet for their\nassistance. \n\nProfiles\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\npython\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nVPN\nWe would like to acknowledge Royce Gawron of Second Son Consulting,\nInc. for their assistance. \n\nInstallation note:\n\nmacOS Catalina 10.15.1, Security Update 2019-001 Mojave,\nSecurity Update 2019-006 High Sierra may be\nobtained from the Mac App Store or Apple\u0027s Software Downloads\nweb site: https://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M3T5w/+\nMA0oNNn6fPlkGiHHzMisKLkseGIltXgSc1v01C32qZpWoCmIzxXoDN1DZ0UC1nkh\nfAzFMvj25wEj14L7ZXOOqaLFgf+e3ZGzius71wru92h1oaYMkspO1A0I6jPOXUU0\nEtZfy6RECv7Ees4Zvj5EWXO0Xqpk2fVyEN4f/sGLtlHRkv1Do9ge6pX3JyXynF+f\nM0jSntJYBFMuzIX2LZFdbTgtcNhsVMhUlztz3SKbA+JF6IxertPSp9mOxaEtGnYj\nLgvSy9EVn98XBRt7rS8zrXCBi1OrTV21RE2HY+Twv+8lSSMRsjo6+KW7sPYd3KDy\nesY0zfIkZ1VSSw/sb0kBalkl/rjLeBkSsBlLiA9uWEvkH9uDNVuo4WzDIN6a89hs\nZb2Aj4VjlLlKRKXRmLmpq7TkUQTVxWNMUdHttHUa/k0ODWviH/CbCKhrv0GKB9+X\nEOXG65J+qCzq07MPgQG/JWCFbpVVOqQyXOuKCwrDl1LIb15WMxy8vFApEcJAsrvB\nZ9if9NDnJxTWo9gQUcrZHrFm/humsTc+YSPSDovfIEYwbx99LkOWdnK5kiTqodxW\nSMQyXhAWeZqL8zzxkFjXnodsnmVXvldFVMHjqPdXuXnn6ythU4UPedklPC50bH9G\nOfniqz3XXmySfVDFNFyfODEsvnoTxmGiUyJzAxAM+JM=\n=fvfR\n-----END PGP SIGNATURE-----\n\n\n. \nCVE-2019-8786: an anonymous researcher\n\nScreen Time\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local user may be able to record the screen without a\nvisible screen recording indicator\nDescription: A consistency issue existed in deciding when to show the\nscreen recording indicator. \nCVE-2019-8793: Ryan Jenkins of Lake Forrest Prep School\n\nSetup Assistant\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An attacker in physical proximity may be able to force a user\nonto a malicious Wi-Fi network during device setup\nDescription: An inconsistency in Wi-Fi network configuration settings\nwas addressed. \nCVE-2019-8782: Cheolung Lee of LINE+ Security Team\nCVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team\nCVE-2019-8808: found by OSS-Fuzz\nCVE-2019-8811: Soyeon Park of SSLab at Georgia Tech\nCVE-2019-8812: an anonymous researcher\nCVE-2019-8814: Cheolung Lee of LINE+ Security Team\nCVE-2019-8816: Soyeon Park of SSLab at Georgia Tech\nCVE-2019-8819: Cheolung Lee of LINE+ Security Team\nCVE-2019-8820: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8821: Sergei Glazunov of Google Project Zero\nCVE-2019-8822: Sergei Glazunov of Google Project Zero\nCVE-2019-8823: Sergei Glazunov of Google Project Zero\n\nWebKit Process Model\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13.2 and iPadOS 13.2\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8789"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "VULHUB",
"id": "VHN-160224"
},
{
"db": "VULMON",
"id": "CVE-2019-8789"
},
{
"db": "PACKETSTORM",
"id": "155067"
},
{
"db": "PACKETSTORM",
"id": "155058"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-8789",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU96749516",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011304",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1743",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155067",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4010",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160224",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-8789",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155058",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160224"
},
{
"db": "VULMON",
"id": "CVE-2019-8789"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "PACKETSTORM",
"id": "155067"
},
{
"db": "PACKETSTORM",
"id": "155058"
},
{
"db": "NVD",
"id": "CVE-2019-8789"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1743"
}
]
},
"id": "VAR-201912-0139",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160224"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:43:35.007000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the security content of iCloud for Windows 11.0",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210727"
},
{
"title": "About the security content of iCloud for Windows 7.15",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210728"
},
{
"title": "About the security content of iOS 13.2 and iPadOS 13.2",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210721"
},
{
"title": "About the security content of Xcode 11.2",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210729"
},
{
"title": "About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210722"
},
{
"title": "About the security content of tvOS 13.2",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210723"
},
{
"title": "About the security content of watchOS 6.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210724"
},
{
"title": "About the security content of Safari 13.0.3",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210725"
},
{
"title": "About the security content of iTunes 12.10.2 for Windows",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210726"
},
{
"title": "Mac \u306b\u642d\u8f09\u3055\u308c\u3066\u3044\u308b macOS \u3092\u8abf\u3079\u308b",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht201260"
},
{
"title": "Apple iOS , Apple iPadOS and macOS Catalina Books Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105594"
},
{
"title": "Apple: iOS 13.2 and iPadOS 13.2",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aba6b5817da532af0c2dabc251727995"
},
{
"title": "Apple: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=25cf0d869bfd0e91074f5ca5a31d8ef0"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-8789"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1743"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-59",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160224"
},
{
"db": "NVD",
"id": "CVE-2019-8789"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/ht210721"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210722"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8789"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8785"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8797"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8786"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8798"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8787"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8788"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8794"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8784"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8750"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8822"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8823"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8814"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8815"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8803"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8804"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8816"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8819"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8793"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8820"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8821"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8795"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8788"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8803"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8815"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8766"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8735"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8789"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8804"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8816"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8775"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8793"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8805"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8710"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8819"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8782"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8794"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8807"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8743"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8820"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8783"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8795"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8811"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8747"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8821"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8784"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8797"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8812"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8750"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8822"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8785"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8798"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8813"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8764"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8823"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8786"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8802"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8814"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8765"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8787"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96749516/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8765"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8802"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8775"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8805"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8807"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8747"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8735"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht201222"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-30747"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155067/apple-security-advisory-2019-10-29-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4010/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210722"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7152"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/59.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht210721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8736"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8509"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8756"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8737"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8759"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8761"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160224"
},
{
"db": "VULMON",
"id": "CVE-2019-8789"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "PACKETSTORM",
"id": "155067"
},
{
"db": "PACKETSTORM",
"id": "155058"
},
{
"db": "NVD",
"id": "CVE-2019-8789"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160224"
},
{
"db": "VULMON",
"id": "CVE-2019-8789"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"db": "PACKETSTORM",
"id": "155067"
},
{
"db": "PACKETSTORM",
"id": "155058"
},
{
"db": "NVD",
"id": "CVE-2019-8789"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-160224"
},
{
"date": "2019-12-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-8789"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"date": "2019-11-01T17:11:03",
"db": "PACKETSTORM",
"id": "155067"
},
{
"date": "2019-11-01T17:05:53",
"db": "PACKETSTORM",
"id": "155058"
},
{
"date": "2019-12-18T18:15:41.520000",
"db": "NVD",
"id": "CVE-2019-8789"
},
{
"date": "2019-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-160224"
},
{
"date": "2019-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-8789"
},
{
"date": "2020-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011304"
},
{
"date": "2019-12-23T14:44:25.383000",
"db": "NVD",
"id": "CVE-2019-8789"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1743"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1743"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Updates to product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011304"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "post link",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1743"
}
],
"trust": 0.6
}
}
GSD-2019-8789
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-8789",
"description": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.",
"id": "GSD-2019-8789"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-8789"
],
"details": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.",
"id": "GSD-2019-8789",
"modified": "2023-12-13T01:23:48.659494Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "iOS 13.2 and iPadOS 13.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "macOS Catalina 10.15.1"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Parsing a maliciously crafted iBooks file may lead to disclosure of user information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210721",
"refsource": "MISC",
"url": "https://support.apple.com/HT210721"
},
{
"name": "https://support.apple.com/HT210722",
"refsource": "MISC",
"url": "https://support.apple.com/HT210722"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8789"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210721",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT210721"
},
{
"name": "https://support.apple.com/HT210722",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT210722"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-12-23T14:44Z",
"publishedDate": "2019-12-18T18:15Z"
}
}
}
GHSA-2P5M-PXG9-G2WQ
Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04
VLAI?
Details
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.
{
"affected": [],
"aliases": [
"CVE-2019-8789"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-18T18:15:00Z",
"severity": "MODERATE"
},
"details": "A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.",
"id": "GHSA-2p5m-pxg9-g2wq",
"modified": "2022-05-24T17:04:36Z",
"published": "2022-05-24T17:04:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8789"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210721"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210722"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…