cvelistv5 - cve-2019-8836

CVE-2019-8836 (GCVE-0-2019-8836)

Vulnerability from cvelistv5 – Published: 2020-10-27 19:55 – Updated: 2024-08-04 21:31

Summary

Severity ?

No CVSS data available.

CWE

An application may be able to execute arbitrary code with kernel privileges

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/HT210918	x_refsource_MISC
	https://support.apple.com/en-us/HT210920	x_refsource_MISC
	https://support.apple.com/en-us/HT210921	x_refsource_MISC

Impacted products

Vendor

Product

Version

Apple

iOS and iPadOS

Affected: unspecified , < 13.3 (custom)

	Apple	tvOS	Affected: unspecified , < 13.3 (custom)
	Apple	watchOS	Affected: unspecified , < 6.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT210918"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT210920"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT210921"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "6.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An application may be able to execute arbitrary code with kernel privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-27T19:55:48",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT210918"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT210920"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT210921"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8836",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS and iPadOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "13.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "13.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "An application may be able to execute arbitrary code with kernel privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT210918",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT210918"
            },
            {
              "name": "https://support.apple.com/en-us/HT210920",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT210920"
            },
            {
              "name": "https://support.apple.com/en-us/HT210921",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT210921"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8836",
    "datePublished": "2020-10-27T19:55:48",
    "dateReserved": "2019-02-18T00:00:00",
    "dateUpdated": "2024-08-04T21:31:37.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.3.1\", \"matchCriteriaId\": \"3DD89B34-EA75-4559-A112-13B489B2502A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.3.1\", \"matchCriteriaId\": \"B4BFEAAB-906E-4F49-A6DB-5717BADD8089\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.3.1\", \"matchCriteriaId\": \"7C2B3AC9-FAFE-4819-9538-A072B446BE78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.1.2\", \"matchCriteriaId\": \"53578351-17EB-4C7E-B736-78F0D01AF5DA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.\"}, {\"lang\": \"es\", \"value\": \"Se abord\\u00f3 un problema de corrupci\\u00f3n de la memoria con un manejo de la memoria mejorada.\u0026#xa0;Este problema se corrigi\\u00f3 en watchOS versi\\u00f3n 6.1.2, iOS versi\\u00f3n 13.3.1 y iPadOS versi\\u00f3n 13.3.1, tvOS versi\\u00f3n 13.3.1.\u0026#xa0;Una aplicaci\\u00f3n puede ser capaz de ejecutar c\\u00f3digo arbitrario con privilegios kernel\"}]",
      "id": "CVE-2019-8836",
      "lastModified": "2024-11-21T04:50:34.283",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-10-27T20:15:20.737",
      "references": "[{\"url\": \"https://support.apple.com/en-us/HT210918\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT210920\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT210921\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT210918\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT210920\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT210921\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-8836\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-10-27T20:15:20.737\",\"lastModified\":\"2024-11-21T04:50:34.283\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de corrupci\u00f3n de la memoria con un manejo de la memoria mejorada.\u0026#xa0;Este problema se corrigi\u00f3 en watchOS versi\u00f3n 6.1.2, iOS versi\u00f3n 13.3.1 y iPadOS versi\u00f3n 13.3.1, tvOS versi\u00f3n 13.3.1.\u0026#xa0;Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios kernel\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.3.1\",\"matchCriteriaId\":\"3DD89B34-EA75-4559-A112-13B489B2502A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.3.1\",\"matchCriteriaId\":\"B4BFEAAB-906E-4F49-A6DB-5717BADD8089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.3.1\",\"matchCriteriaId\":\"7C2B3AC9-FAFE-4819-9538-A072B446BE78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.2\",\"matchCriteriaId\":\"53578351-17EB-4C7E-B736-78F0D01AF5DA\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT210918\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210920\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210921\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210920\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210921\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2019-8836

Vulnerability from fkie_nvd - Published: 2020-10-27 20:15 - Updated: 2024-11-21 04:50

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT210918	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT210920	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT210921	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT210918	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT210920	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT210921	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DD89B34-EA75-4559-A112-13B489B2502A",
              "versionEndExcluding": "13.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4BFEAAB-906E-4F49-A6DB-5717BADD8089",
              "versionEndExcluding": "13.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C2B3AC9-FAFE-4819-9538-A072B446BE78",
              "versionEndExcluding": "13.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53578351-17EB-4C7E-B736-78F0D01AF5DA",
              "versionEndExcluding": "6.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de corrupci\u00f3n de la memoria con un manejo de la memoria mejorada.\u0026#xa0;Este problema se corrigi\u00f3 en watchOS versi\u00f3n 6.1.2, iOS versi\u00f3n 13.3.1 y iPadOS versi\u00f3n 13.3.1, tvOS versi\u00f3n 13.3.1.\u0026#xa0;Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios kernel"
    }
  ],
  "id": "CVE-2019-8836",
  "lastModified": "2024-11-21T04:50:34.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-27T20:15:20.737",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210918"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210920"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT210921"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-03862

Vulnerability from cnvd - Published: 2020-02-05

Title

多款Apple产品IOUSBDeviceFamily组件内存破坏漏洞

Description

Apple iOS等都是美国苹果（Apple）公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。IOUSBDeviceFamily是其中的一个用于通过USB支持设备与主机间通信的组件。多款Apple产品中的IOUSBDeviceFamily组件存在安全漏洞。攻击者可利用该漏洞以内核权限执行任意代码（内存破坏）。

Severity

高

Patch Name

多款Apple产品IOUSBDeviceFamily组件内存破坏漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/en-us/HT210790

Reference

https://www.auscert.org.au/bulletins/ESB-2019.4629/

Impacted products

Name
['Apple iOS', 'Apple tvOS', 'Apple iPadOS']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-8836"
    }
  },
  "description": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002IOUSBDeviceFamily\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u901a\u8fc7USB\u652f\u6301\u8bbe\u5907\u4e0e\u4e3b\u673a\u95f4\u901a\u4fe1\u7684\u7ec4\u4ef6\u3002\n\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684IOUSBDeviceFamily\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u5185\u6838\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff08\u5185\u5b58\u7834\u574f\uff09\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/en-us/HT210790",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03862",
  "openTime": "2020-02-05",
  "patchDescription": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002IOUSBDeviceFamily\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u901a\u8fc7USB\u652f\u6301\u8bbe\u5907\u4e0e\u4e3b\u673a\u95f4\u901a\u4fe1\u7684\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684IOUSBDeviceFamily\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u5185\u6838\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff08\u5185\u5b58\u7834\u574f\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1IOUSBDeviceFamily\u7ec4\u4ef6\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple  iOS",
      "Apple tvOS",
      "Apple  iPadOS"
    ]
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2019.4629/",
  "serverity": "\u9ad8",
  "submitTime": "2019-12-12",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1IOUSBDeviceFamily\u7ec4\u4ef6\u5185\u5b58\u7834\u574f\u6f0f\u6d1e"
}

GSD-2019-8836

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-8836

Aliases

CVE-2019-8836

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-8836",
    "description": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.",
    "id": "GSD-2019-8836"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-8836"
      ],
      "details": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.",
      "id": "GSD-2019-8836",
      "modified": "2023-12-13T01:23:47.923260Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-8836",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "13.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "tvOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "13.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "6.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An application may be able to execute arbitrary code with kernel privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT210918",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT210918"
          },
          {
            "name": "https://support.apple.com/en-us/HT210920",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT210920"
          },
          {
            "name": "https://support.apple.com/en-us/HT210921",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT210921"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8836"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT210918",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT210918"
            },
            {
              "name": "https://support.apple.com/en-us/HT210920",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT210920"
            },
            {
              "name": "https://support.apple.com/en-us/HT210921",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT210921"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-10-27T20:15Z"
    }
  }
}

CERTFR-2019-AVI-620

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions 13.x antérieures à 13.3
Apple	N/A	Xcode versions antérieures à 11.3
Apple	N/A	watchOS versions 5.x antérieures à 5.3.4
Apple	N/A	Mojave sans le correctif de sécurité 2019-002
Apple	N/A	watchOS versions 6.x antérieures à 6.1.1
Apple	N/A	tvOS versions antérieures à 13.3
Apple	N/A	High Sierra sans le correctif de sécurité 2019-007
Apple	N/A	iPadOS versions antérieures à 13.3
Apple	Safari	Safari versions antérieures à 13.0.4
Apple	macOS	macOS Catalina versions antérieures à 10.15.2
Apple	N/A	iOS versions 12.x antérieures à 12.4.4

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT210792 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210789 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210787 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210785 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210796 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210791 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210790 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210788 du 10 décembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS versions 13.x ant\u00e9rieures \u00e0 13.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 11.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions 5.x ant\u00e9rieures \u00e0 5.3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mojave sans le correctif de s\u00e9curit\u00e9 2019-002",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions 6.x ant\u00e9rieures \u00e0 6.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "High Sierra sans le correctif de s\u00e9curit\u00e9 2019-007",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.0.4",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 12.x ant\u00e9rieures \u00e0 12.4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-14463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14463"
    },
    {
      "name": "CVE-2019-8847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8847"
    },
    {
      "name": "CVE-2018-14468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14468"
    },
    {
      "name": "CVE-2018-16451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16451"
    },
    {
      "name": "CVE-2015-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1545"
    },
    {
      "name": "CVE-2012-2668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2668"
    },
    {
      "name": "CVE-2012-1164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1164"
    },
    {
      "name": "CVE-2018-14881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14881"
    },
    {
      "name": "CVE-2017-16808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16808"
    },
    {
      "name": "CVE-2019-13057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13057"
    },
    {
      "name": "CVE-2019-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8840"
    },
    {
      "name": "CVE-2019-8835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8835"
    },
    {
      "name": "CVE-2018-16227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16227"
    },
    {
      "name": "CVE-2019-15165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15165"
    },
    {
      "name": "CVE-2019-8832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8832"
    },
    {
      "name": "CVE-2019-8844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8844"
    },
    {
      "name": "CVE-2019-8857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8857"
    },
    {
      "name": "CVE-2019-8841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8841"
    },
    {
      "name": "CVE-2019-8837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8837"
    },
    {
      "name": "CVE-2018-16228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16228"
    },
    {
      "name": "CVE-2019-15164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15164"
    },
    {
      "name": "CVE-2019-8852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8852"
    },
    {
      "name": "CVE-2019-8839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8839"
    },
    {
      "name": "CVE-2018-14465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14465"
    },
    {
      "name": "CVE-2019-15162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15162"
    },
    {
      "name": "CVE-2018-10103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10103"
    },
    {
      "name": "CVE-2018-14880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14880"
    },
    {
      "name": "CVE-2019-15161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15161"
    },
    {
      "name": "CVE-2018-14470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14470"
    },
    {
      "name": "CVE-2019-8856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8856"
    },
    {
      "name": "CVE-2018-14469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14469"
    },
    {
      "name": "CVE-2018-14879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14879"
    },
    {
      "name": "CVE-2019-8853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8853"
    },
    {
      "name": "CVE-2013-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
    },
    {
      "name": "CVE-2018-10105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10105"
    },
    {
      "name": "CVE-2018-14466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14466"
    },
    {
      "name": "CVE-2019-8830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8830"
    },
    {
      "name": "CVE-2019-8833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8833"
    },
    {
      "name": "CVE-2019-15163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15163"
    },
    {
      "name": "CVE-2018-16301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16301"
    },
    {
      "name": "CVE-2018-16230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16230"
    },
    {
      "name": "CVE-2018-16452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16452"
    },
    {
      "name": "CVE-2019-8848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8848"
    },
    {
      "name": "CVE-2019-8842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8842"
    },
    {
      "name": "CVE-2018-14464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14464"
    },
    {
      "name": "CVE-2018-14462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14462"
    },
    {
      "name": "CVE-2019-8838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8838"
    },
    {
      "name": "CVE-2019-15166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15166"
    },
    {
      "name": "CVE-2018-14461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14461"
    },
    {
      "name": "CVE-2019-8828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8828"
    },
    {
      "name": "CVE-2018-14467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14467"
    },
    {
      "name": "CVE-2019-13565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13565"
    },
    {
      "name": "CVE-2019-8846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8846"
    },
    {
      "name": "CVE-2018-14882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14882"
    },
    {
      "name": "CVE-2019-15167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15167"
    },
    {
      "name": "CVE-2019-15903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
    },
    {
      "name": "CVE-2018-16229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16229"
    },
    {
      "name": "CVE-2018-16300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16300"
    },
    {
      "name": "CVE-2019-8836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8836"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-620",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210792 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210792"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210789 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210789"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210787 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210787"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210785 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210785"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210796 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210796"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210791 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210791"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210790 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210790"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210788 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210788"
    }
  ]
}

CERTFR-2019-AVI-620

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions 13.x antérieures à 13.3
Apple	N/A	Xcode versions antérieures à 11.3
Apple	N/A	watchOS versions 5.x antérieures à 5.3.4
Apple	N/A	Mojave sans le correctif de sécurité 2019-002
Apple	N/A	watchOS versions 6.x antérieures à 6.1.1
Apple	N/A	tvOS versions antérieures à 13.3
Apple	N/A	High Sierra sans le correctif de sécurité 2019-007
Apple	N/A	iPadOS versions antérieures à 13.3
Apple	Safari	Safari versions antérieures à 13.0.4
Apple	macOS	macOS Catalina versions antérieures à 10.15.2
Apple	N/A	iOS versions 12.x antérieures à 12.4.4

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT210792 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210789 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210787 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210785 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210796 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210791 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210790 du 10 décembre 2019	None	vendor-advisory
Bulletin de sécurité Apple HT210788 du 10 décembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS versions 13.x ant\u00e9rieures \u00e0 13.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 11.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions 5.x ant\u00e9rieures \u00e0 5.3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mojave sans le correctif de s\u00e9curit\u00e9 2019-002",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions 6.x ant\u00e9rieures \u00e0 6.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "High Sierra sans le correctif de s\u00e9curit\u00e9 2019-007",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.0.4",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 12.x ant\u00e9rieures \u00e0 12.4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-14463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14463"
    },
    {
      "name": "CVE-2019-8847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8847"
    },
    {
      "name": "CVE-2018-14468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14468"
    },
    {
      "name": "CVE-2018-16451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16451"
    },
    {
      "name": "CVE-2015-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1545"
    },
    {
      "name": "CVE-2012-2668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2668"
    },
    {
      "name": "CVE-2012-1164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1164"
    },
    {
      "name": "CVE-2018-14881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14881"
    },
    {
      "name": "CVE-2017-16808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16808"
    },
    {
      "name": "CVE-2019-13057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13057"
    },
    {
      "name": "CVE-2019-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8840"
    },
    {
      "name": "CVE-2019-8835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8835"
    },
    {
      "name": "CVE-2018-16227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16227"
    },
    {
      "name": "CVE-2019-15165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15165"
    },
    {
      "name": "CVE-2019-8832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8832"
    },
    {
      "name": "CVE-2019-8844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8844"
    },
    {
      "name": "CVE-2019-8857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8857"
    },
    {
      "name": "CVE-2019-8841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8841"
    },
    {
      "name": "CVE-2019-8837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8837"
    },
    {
      "name": "CVE-2018-16228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16228"
    },
    {
      "name": "CVE-2019-15164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15164"
    },
    {
      "name": "CVE-2019-8852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8852"
    },
    {
      "name": "CVE-2019-8839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8839"
    },
    {
      "name": "CVE-2018-14465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14465"
    },
    {
      "name": "CVE-2019-15162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15162"
    },
    {
      "name": "CVE-2018-10103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10103"
    },
    {
      "name": "CVE-2018-14880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14880"
    },
    {
      "name": "CVE-2019-15161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15161"
    },
    {
      "name": "CVE-2018-14470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14470"
    },
    {
      "name": "CVE-2019-8856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8856"
    },
    {
      "name": "CVE-2018-14469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14469"
    },
    {
      "name": "CVE-2018-14879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14879"
    },
    {
      "name": "CVE-2019-8853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8853"
    },
    {
      "name": "CVE-2013-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
    },
    {
      "name": "CVE-2018-10105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10105"
    },
    {
      "name": "CVE-2018-14466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14466"
    },
    {
      "name": "CVE-2019-8830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8830"
    },
    {
      "name": "CVE-2019-8833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8833"
    },
    {
      "name": "CVE-2019-15163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15163"
    },
    {
      "name": "CVE-2018-16301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16301"
    },
    {
      "name": "CVE-2018-16230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16230"
    },
    {
      "name": "CVE-2018-16452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16452"
    },
    {
      "name": "CVE-2019-8848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8848"
    },
    {
      "name": "CVE-2019-8842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8842"
    },
    {
      "name": "CVE-2018-14464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14464"
    },
    {
      "name": "CVE-2018-14462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14462"
    },
    {
      "name": "CVE-2019-8838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8838"
    },
    {
      "name": "CVE-2019-15166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15166"
    },
    {
      "name": "CVE-2018-14461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14461"
    },
    {
      "name": "CVE-2019-8828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8828"
    },
    {
      "name": "CVE-2018-14467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14467"
    },
    {
      "name": "CVE-2019-13565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13565"
    },
    {
      "name": "CVE-2019-8846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8846"
    },
    {
      "name": "CVE-2018-14882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14882"
    },
    {
      "name": "CVE-2019-15167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15167"
    },
    {
      "name": "CVE-2019-15903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
    },
    {
      "name": "CVE-2018-16229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16229"
    },
    {
      "name": "CVE-2018-16300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16300"
    },
    {
      "name": "CVE-2019-8836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8836"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-620",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210792 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210792"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210789 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210789"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210787 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210787"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210785 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210785"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210796 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210796"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210791 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210791"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210790 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210790"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210788 du 10 d\u00e9cembre 2019",
      "url": "https://support.apple.com/en-us/HT210788"
    }
  ]
}

GHSA-33R9-2244-PQXX

Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-8836"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-27T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-33r9-2244-pqxx",
  "modified": "2022-05-24T17:32:26Z",
  "published": "2022-05-24T17:32:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8836"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210918"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210920"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210921"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-202010-0144

Vulnerability from variot - Updated: 2023-12-18 10:52

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. IOUSBDeviceFamily is one of the components used to support device-host communication via USB. A security vulnerability exists in the IOUSBDeviceFamily component in several Apple products. The following products and versions are affected: Apple watchOS earlier than 6.1.1; tvOS earlier than 13.3; iOS earlier than 13.3; iPadOS earlier than 13.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3

iOS 13.3 and iPadOS 13.3 is now available and addresses the following:

CallKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans Description: An API issue existed in the handling of outgoing phone calls initiated with Siri. CVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL

CFNetwork Proxies Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team

FaceTime Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8830: Natalie Silvanovich of Google Project Zero

IOSurfaceAccelerator Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2019-8841: Corellium

IOUSBDeviceFamily Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8833: Ian Beer of Google Project Zero

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8828: Cim Stordal of Cognite CVE-2019-8838: Dr Silvio Cesare of InfoSect

libexpat Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: This issue was addressed by updating to expat version 2.2.8. CVE-2019-15903: Joonun Jang

Photos Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel Description: The issue was addressed with improved validation when an iCloud Link is created. CVE-2019-8857: Tor Bruce

Security Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8832: Insu Yun of SSLab at Georgia Tech

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8835: Anonymous working with Trend Micro's Zero Day Initiative, Mike Zhang of Pangu Team CVE-2019-8844: William Bowling (@wcbowling)

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8846: Marcin Towalski of Cisco Talos

Additional recognition

Accounts We would like to acknowledge Kishan Bagaria (KishanBagaria.com http://kishanbagaria.com/) and Tom Snelling of Loughborough University for their assistance.

Core Data We would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance.

Settings We would like to acknowledge an anonymous researcher for their assistance.

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 13.3 and iPadOS 13.3".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFpoACgkQBz4uGe3y 0M18fQ//WhVI4LKBRFvq8A5p7T8wwMklItFubvFzcxAec3ZHIYAXTTLpvZWNKCrc wvqlPkNBs1onvaq6LPddeL9uMWgBB0iiks6HX5oRrHuvutiRGC1n8VzJCgW8BWwI 7CNFNBXl4iBflupZlCnSdbwbDkJSyNN+DvouxzfXMqbpdnjV1NVNtlM/WrdFnVgU vqAnxY7FEFrwgyU/zAbfyo5S4qJ2fRC9MPiO3Tiq+abVEcprQ4wSmKJUtgvgudOX witjbU8I9eKz2H5jq555gkq4yZVHjg7vDhj1Ln1Zm2bO2PM5A6dsXsSCwzIYaqvF /wbrOuVbw1f1F4mD8Oq7IFHXsoWysUnOPEApeKE7L0XvH7CmCDccd7k9txOIRWRt 2rj+8YqGvo1fXKnIULVgtltbnxMKhZJO6ISZnTQ+3CnNfWEgXx+dNVDBB1HIGooJ JkpldVmjNXBts/DV0FEZXbYLVWCk90D0sSeMTE64v9U6v690JVGoXHynhYhui4IX gSbbcvwslD8MLHyK1E29t7X3XdIGVuzcq+OJ7oFn7T1lX14UflvKRNkEDDfc4Tsj lllrvrU084mWQaryldWIGzDNDT7O4RDsTCKzEPYSqXm3mxP13jZj1sDv1f1/2FdQ GmjCFIvlnYZeHB2mbStt3T9LXe7tuaF1TIYnG103h/SQEmwfiOk= =m//a -----END PGP SIGNATURE-----

Alternatively, on your watch, select "My Watch > General > About"

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0144",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.3.1"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.3.1"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.3.1"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (apple tv hd)"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (apple tv 4k)"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.1.2 \u672a\u6e80 (apple watch series 1 \u4ee5\u964d)"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.3.1 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015878"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8836"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8836"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155643"
      },
      {
        "db": "PACKETSTORM",
        "id": "155670"
      },
      {
        "db": "PACKETSTORM",
        "id": "155640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-483"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-8836",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015878",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-160271",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-8836",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015878",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-8836",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-015878",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-483",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-160271",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-8836",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015878"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-483"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. IOUSBDeviceFamily is one of the components used to support device-host communication via USB. A security vulnerability exists in the IOUSBDeviceFamily component in several Apple products. The following products and versions are affected: Apple watchOS earlier than 6.1.1; tvOS earlier than 13.3; iOS earlier than 13.3; iPadOS earlier than 13.3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3\n\niOS 13.3 and iPadOS 13.3 is now available and addresses the\nfollowing:\n\nCallKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Calls made using Siri may be initiated using the wrong\ncellular plan on devices with two active plans\nDescription: An API issue existed in the handling of outgoing phone\ncalls initiated with Siri. \nCVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL\n\nCFNetwork Proxies\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to gain elevated privileges\nDescription: This issue was addressed with improved checks. \nCVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team\n\nFaceTime\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing malicious video via FaceTime may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8830: Natalie Silvanovich of Google Project Zero\n\nIOSurfaceAccelerator\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2019-8841: Corellium\n\nIOUSBDeviceFamily\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and\nLuyi Xing of Indiana University Bloomington\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2019-8833: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8828: Cim Stordal of Cognite\nCVE-2019-8838: Dr Silvio Cesare of InfoSect\n\nlibexpat\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Parsing a maliciously crafted XML file may lead to disclosure\nof user information\nDescription: This issue was addressed by updating to expat version\n2.2.8. \nCVE-2019-15903: Joonun Jang\n\nPhotos\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Live Photo audio and video data may be shared via iCloud\nlinks even if Live Photo is disabled in the Share Sheet carousel\nDescription: The issue was addressed with improved validation when an\niCloud Link is created. \nCVE-2019-8857: Tor Bruce\n\nSecurity\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8832: Insu Yun of SSLab at Georgia Tech\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-8835: Anonymous working with Trend Micro\u0027s Zero Day\nInitiative, Mike Zhang of Pangu Team\nCVE-2019-8844: William Bowling (@wcbowling)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8846: Marcin Towalski of Cisco Talos\n\nAdditional recognition\n\nAccounts\nWe would like to acknowledge Kishan Bagaria (KishanBagaria.com \u003chttp://kishanbagaria.com/\u003e) and\nTom Snelling of Loughborough University for their assistance. \n\nCore Data\nWe would like to acknowledge Natalie Silvanovich of Google Project\nZero for their assistance. \n\nSettings\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ \u003chttps://www.apple.com/itunes/\u003e\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13.3 and iPadOS 13.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222 \u003chttps://support.apple.com/kb/HT201222\u003e\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/ \u003chttps://www.apple.com/support/security/pgp/\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFpoACgkQBz4uGe3y\n0M18fQ//WhVI4LKBRFvq8A5p7T8wwMklItFubvFzcxAec3ZHIYAXTTLpvZWNKCrc\nwvqlPkNBs1onvaq6LPddeL9uMWgBB0iiks6HX5oRrHuvutiRGC1n8VzJCgW8BWwI\n7CNFNBXl4iBflupZlCnSdbwbDkJSyNN+DvouxzfXMqbpdnjV1NVNtlM/WrdFnVgU\nvqAnxY7FEFrwgyU/zAbfyo5S4qJ2fRC9MPiO3Tiq+abVEcprQ4wSmKJUtgvgudOX\nwitjbU8I9eKz2H5jq555gkq4yZVHjg7vDhj1Ln1Zm2bO2PM5A6dsXsSCwzIYaqvF\n/wbrOuVbw1f1F4mD8Oq7IFHXsoWysUnOPEApeKE7L0XvH7CmCDccd7k9txOIRWRt\n2rj+8YqGvo1fXKnIULVgtltbnxMKhZJO6ISZnTQ+3CnNfWEgXx+dNVDBB1HIGooJ\nJkpldVmjNXBts/DV0FEZXbYLVWCk90D0sSeMTE64v9U6v690JVGoXHynhYhui4IX\ngSbbcvwslD8MLHyK1E29t7X3XdIGVuzcq+OJ7oFn7T1lX14UflvKRNkEDDfc4Tsj\nlllrvrU084mWQaryldWIGzDNDT7O4RDsTCKzEPYSqXm3mxP13jZj1sDv1f1/2FdQ\nGmjCFIvlnYZeHB2mbStt3T9LXe7tuaF1TIYnG103h/SQEmwfiOk=\n=m//a\n-----END PGP SIGNATURE-----\n\n\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015878"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8836"
      },
      {
        "db": "PACKETSTORM",
        "id": "155643"
      },
      {
        "db": "PACKETSTORM",
        "id": "155670"
      },
      {
        "db": "PACKETSTORM",
        "id": "155640"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-8836",
        "trust": 2.9
      },
      {
        "db": "JVN",
        "id": "JVNVU95678717",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015878",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-483",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155670",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4629",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03862",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-160271",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8836",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155643",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155640",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015878"
      },
      {
        "db": "PACKETSTORM",
        "id": "155643"
      },
      {
        "db": "PACKETSTORM",
        "id": "155670"
      },
      {
        "db": "PACKETSTORM",
        "id": "155640"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-483"
      }
    ]
  },
  "id": "VAR-202010-0144",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160271"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:52:59.474000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT210918",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210918"
      },
      {
        "title": "HT210920",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210920"
      },
      {
        "title": "HT210921",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210921"
      },
      {
        "title": "HT210918",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210918"
      },
      {
        "title": "HT210920",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210920"
      },
      {
        "title": "HT210921",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210921"
      },
      {
        "title": "Multiple Apple product IOUSBDeviceFamily Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105333"
      },
      {
        "title": "Apple: watchOS 6.1.1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=d070c4235862ff7520377ed51b851242"
      },
      {
        "title": "Apple: tvOS 13.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=47fac1737cdf117ddff1611c1b055dc6"
      },
      {
        "title": "Apple: iOS 13.3 and iPadOS 13.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b7ac13606c61b1f11a22b4bfa7f9975c"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-8836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015878"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-483"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015878"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8836"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht210918"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht210920"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht210921"
      },
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8836"
      },
      {
        "trust": 0.9,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8836"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95678717/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4629/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155670/apple-security-advisory-2019-12-10-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-31120"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8832"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8848"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8838"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8844"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8828"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8830"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8833"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8846"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8835"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8856"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172826"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8841"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "http://kishanbagaria.com/\u003e)"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8857"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015878"
      },
      {
        "db": "PACKETSTORM",
        "id": "155643"
      },
      {
        "db": "PACKETSTORM",
        "id": "155670"
      },
      {
        "db": "PACKETSTORM",
        "id": "155640"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-483"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-160271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015878"
      },
      {
        "db": "PACKETSTORM",
        "id": "155643"
      },
      {
        "db": "PACKETSTORM",
        "id": "155670"
      },
      {
        "db": "PACKETSTORM",
        "id": "155640"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-483"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160271"
      },
      {
        "date": "2020-10-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-8836"
      },
      {
        "date": "2021-01-28T05:11:37",
        "db": "JVNDB",
        "id": "JVNDB-2019-015878"
      },
      {
        "date": "2019-12-12T00:18:11",
        "db": "PACKETSTORM",
        "id": "155643"
      },
      {
        "date": "2019-12-14T12:22:22",
        "db": "PACKETSTORM",
        "id": "155670"
      },
      {
        "date": "2019-12-12T00:16:21",
        "db": "PACKETSTORM",
        "id": "155640"
      },
      {
        "date": "2020-10-27T20:15:20.737000",
        "db": "NVD",
        "id": "CVE-2019-8836"
      },
      {
        "date": "2019-12-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-483"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160271"
      },
      {
        "date": "2020-10-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-8836"
      },
      {
        "date": "2021-01-28T05:11:37",
        "db": "JVNDB",
        "id": "JVNDB-2019-015878"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2019-8836"
      },
      {
        "date": "2021-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-483"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-483"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product Corruption Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015878"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-483"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-8836 (GCVE-0-2019-8836)

FKIE_CVE-2019-8836

CNVD-2020-03862

GSD-2019-8836

CERTFR-2019-AVI-620

Solution

CERTFR-2019-AVI-620

Solution

GHSA-33R9-2244-PQXX

VAR-202010-0144

Tags

Sightings

Nomenclature