var-201903-0441
Vulnerability from variot
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Apple has released an update for each product.

The expected impact depends on each vulnerability, but may include the following:
* Sandbox avoidance
* Arbitrary code execution
* Privilege escalation
* Information leak
* Information falsification
* Service operation interruption (DoS)
* Arbitrary script execution

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of global regular expressions. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.

WebKit is prone to multiple memory-corruption vulnerabilities. Failed exploit attempts may result in a denial-of-service condition.

Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.1.3; Safari prior to 12.0.3; tvOS prior to 12.1.2; watchOS 5.1.3; Windows-based iCloud prior to 7.10.
APPLE-SA-2019-1-22-4 tvOS 12.1.2
tvOS 12.1.2 is now available and addresses the following:
AppleKeyStore
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A memory corruption issue was addressed with improved validation.
CVE-2019-6235: Brandon Azad

CoreAnimation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-6231: Zhuo Liang of Qihoo 360 Nirvan Team

CoreAnimation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to break out of its sandbox
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-6230: Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan Team

FaceTime
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2019-6224: Natalie Silvanovich of Google Project Zero

IOKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to break out of its sandbox
Description: A type confusion issue was addressed with improved memory handling.
CVE-2019-6214: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved validation.
CVE-2019-6225: Brandon Azad of Google Project Zero, Qixun Zhao of Qihoo 360 Vulcan Team

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-6210: Ned Williamson of Google

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may cause unexpected changes in memory shared between processes
Description: A memory corruption issue was addressed with improved lock state checking.
CVE-2019-6205: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-6213: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory.
CVE-2019-6209: Brandon Azad of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may cause unexpected changes in memory shared between processes
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-6208: Jann Horn of Google Project Zero

libxpc
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-6218: Ian Beer of Google Project Zero

SQLite
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia Tech
CVE-2019-6216: Fluoroacetate working with Trend Micro's Zero Day Initiative
CVE-2019-6217: Fluoroacetate working with Trend Micro's Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team
CVE-2019-6226: Apple
Additional recognition
mDNSResponder
We would like to acknowledge Fatemah Alharbi of University of California, Riverside (UCR) and Taibah University (TU), Feng Qian of University of Minnesota - Twin City, Jie Chang of LinkSure Network, Nael Abu-Ghazaleh of University of California, Riverside (UCR), Yuchen Zhou of Northeastern University, and Zhiyun Qian of University of California, Riverside (UCR) for their assistance.

WebKit
We would like to acknowledge James Lee (@Windowsrcer) of Kryptos Logic for their assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About."
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
Installation note:
Safari 12.0.3 may be obtained from the Mac App Store.
Alternatively, on your watch, select "My Watch > General > About".

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201903-12
https://security.gentoo.org/

Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: March 14, 2019
Bugs: #672108, #674702, #678334
ID: 201903-12
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.22.6 >= 2.22.6
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.6"
References
[ 1 ] CVE-2019-6212 https://nvd.nist.gov/vuln/detail/CVE-2019-6212
[ 2 ] CVE-2019-6215 https://nvd.nist.gov/vuln/detail/CVE-2019-6215
[ 3 ] CVE-2019-6216 https://nvd.nist.gov/vuln/detail/CVE-2019-6216
[ 4 ] CVE-2019-6217 https://nvd.nist.gov/vuln/detail/CVE-2019-6217
[ 5 ] CVE-2019-6226 https://nvd.nist.gov/vuln/detail/CVE-2019-6226
[ 6 ] CVE-2019-6227 https://nvd.nist.gov/vuln/detail/CVE-2019-6227
[ 7 ] CVE-2019-6229 https://nvd.nist.gov/vuln/detail/CVE-2019-6229
[ 8 ] CVE-2019-6233 https://nvd.nist.gov/vuln/detail/CVE-2019-6233
[ 9 ] CVE-2019-6234 https://nvd.nist.gov/vuln/detail/CVE-2019-6234
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201903-12
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5

------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001

Date reported : February 08, 2019
Advisory ID : WSA-2019-0001
WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2019-0001.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0001.html
CVE identifiers : CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, CVE-2019-6234.
CVE-2019-6212 Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before 2.22.4. Credit to an anonymous researcher.
CVE-2019-6215 Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before 2.22.4. Credit to Lokihardt of Google Project Zero.
CVE-2019-6216 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Fluoroacetate working with Trend Micro's Zero Day Initiative.
CVE-2019-6217 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Fluoroacetate working with Trend Micro's Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team.
CVE-2019-6226 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Apple.
CVE-2019-6227 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Qixun Zhao of Qihoo 360 Vulcan Team.
CVE-2019-6229 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Ryan Pickren.
CVE-2019-6233 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative.
CVE-2019-6234 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative.
We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.
Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.
The WebKitGTK+ and WPE WebKit team, February 08, 2019
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0441", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.1.2" }, { "model": "watchos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "5.1.3" }, { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "7.10" 
}, { "model": "itunes", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.9.3" }, { "model": "safari", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.0.3" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.1.3" }, { "model": "icloud", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 7.10 (windows 7 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.1.3 (ipad air or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.1.3 (iphone 5s or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.1.3 (ipod touch first 6 generation )" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 12.9.3 (windows 7 or later )" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.0.3 (macos high sierra 10.13.6)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.0.3 (macos mojave 10.14.3)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.0.3 (macos sierra 10.12.6)" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.1.2 (apple tv 4k)" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.1.2 (apple tv first 4 generation )" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "5.1.3 (apple watch series 1 or later )" }, { "model": "icloud", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 7.10 earlier" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.1.3 earlier" }, { "model": "macos high sierra", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "(security update 2019-001 not applied )" }, { "model": "macos mojave", "scope": "lt", "trust": 0.8, "vendor": "apple", 
"version": "10.14.3 earlier" }, { "model": "macos sierra", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "(security update 2019-001 not applied )" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.0.3 earlier" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.1.2 earlier" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "5.1.3 earlier" }, { "model": "safari", "scope": null, "trust": 0.7, "vendor": "apple", "version": null }, { "model": "watch edition", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "watchos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "5.1.3" }, { "model": "macos security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "2019" }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "12.1.3" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "watch hermes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "open source project webkit", "scope": "eq", "trust": 0.3, "vendor": "webkit", "version": "0" }, { "model": "tv", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "macos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.14.3" }, { "model": "macos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.12.6" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ipad", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "macos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.13.6" }, { "model": "tvos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "12.1.2" }, { "model": "watch", "scope": "eq", "trust": 0.3, "vendor": "apple", 
"version": "0" }, { "model": "safari", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "12.0.3" }, { "model": "icloud", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "7.10" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-131" }, { "db": "BID", "id": "106699" }, { "db": "JVNDB", "id": "JVNDB-2019-002243" }, { "db": "JVNDB", "id": "JVNDB-2019-001192" }, { "db": "NVD", "id": "CVE-2019-6216" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.1.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.9.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.10", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-6216" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "flouroacetate", "sources": [ { "db": "ZDI", "id": "ZDI-19-131" } ], "trust": 0.7 }, "cve": "CVE-2019-6216", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-6216", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", 
"availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-157651", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-6216", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2019-6216", "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-6216", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2019-6216", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201901-805", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-157651", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": 
"CVE-2019-6216", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-131" }, { "db": "VULHUB", "id": "VHN-157651" }, { "db": "VULMON", "id": "CVE-2019-6216" }, { "db": "JVNDB", "id": "JVNDB-2019-002243" }, { "db": "CNNVD", "id": "CNNVD-201901-805" }, { "db": "NVD", "id": "CVE-2019-6216" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Sandbox avoidance * Arbitrary code execution * Privilege escalation * information leak * Information falsification * Service operation interruption (DoS) * Arbitrary script execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of global regular expressions. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKit is prone to multiple memory-corruption vulnerabilities. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. 
A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.1.3; Safari prior to 12.0.3; tvOS prior to 12.1.2; watchOS 5.1.3; Windows-based iCloud prior to 7.10. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-1-22-4 tvOS 12.1.2\n\ntvOS 12.1.2 is now available and addresses the following:\n\nAppleKeyStore\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-6235: Brandon Azad\n\nCoreAnimation\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-6231: Zhuo Liang of Qihoo 360 Nirvan Team\n\nCoreAnimation\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-6230: Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan\nTeam\n\nFaceTime\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A remote attacker may be able to initiate a FaceTime call\ncausing arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2019-6224: Natalie Silvanovich of Google Project Zero\n\nIOKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A type confusion issue was addressed with improved\nmemory handling. 
\nCVE-2019-6214: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-6225: Brandon Azad of Google Project Zero, Qixun Zhao of\nQihoo 360 Vulcan Team\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-6210: Ned Williamson of Google\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may cause unexpected changes in\nmemory shared between processes\nDescription: A memory corruption issue was addressed with improved\nlock state checking. \nCVE-2019-6205: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-6213: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. \nCVE-2019-6209: Brandon Azad of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may cause unexpected changes in\nmemory shared between processes\nDescription: A memory initialization issue was addressed with\nimproved memory handling. 
\nCVE-2019-6208: Jann Horn of Google Project Zero\n\nlibxpc\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-6218: Ian Beer of Google Project Zero\n\nSQLite\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia\nTech\nCVE-2019-6216: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2019-6217: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan\nTeam\nCVE-2019-6226: Apple\n\nAdditional recognition\n\nmDNSResponder\nWe would like to acknowledge Fatemah Alharbi of University of\nCalifornia, Riverside (UCR) and Taibah University (TU), Feng Qian of\nUniversity of Minnesota - Twin City, Jie Chang of LinkSure Network,\nNael Abu-Ghazaleh of University of California, Riverside (UCR),\nYuchen Zhou of Northeastern University, and Zhiyun Qian of University\nof California, Riverside (UCR) for their assistance. \n\nWebKit\nWe would like to acknowledge James Lee (@Windowsrcer) of Kryptos\nLogic for their assistance. \n\nInstallation note:\n\nApple TV will periodically check for software updates. 
Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSgpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3H22Q/+\nPKUpdAiTuY9INzQcN53qh0p0MKPEjbBmMfEeN7jB1yKoO9e7JSMHpVt5znw106Rp\nAJEzEsCYspVnAo7aWwcNygGamgNo8J/PJCGso4+drltefWa6XcInsTJ9iIk/sZCV\niHgqz0qYZFSziaL0KecMjNK35CSTJQ/qnVv5fkRXOazRpFB0Zcp3ZINb72l5zPND\nCI2HkJMtGCbrUnN8OJvdFWLo7uXGIQEC3c4dlx/x8m/UtkO3Jsro1qOqTdLEKvaG\n6Atj3cFVOnd/SM4geleBOe536hHPsgwTtctkNlKk8JE8CryjEarR+vpb6yRAt1Wx\nU0ykaXiRPyqadHhoOjtiSIpGZstOZ3lG0VLykhDAj/J2Mu5rwiFjdM4G0wRV0DE/\njVH/NxzoMRM+226T33bY2fM8SwtTsRw0gZyytZG2iIw1xT44ajvN6KTiR+M74h+J\nyYXw357yMvtOwhdnQ/Npk04OCiHvYr+Rr4spSSyJG6FkBINGL2uIx2p4GgxRFzjV\nakGElyRXa6WyKbILktAQz/JF6TGQvhhqBxjOmdF04Vs1gOA9h3sM64PsJlSVhx8A\nNhvh9DjFMdBVd5es0sfCqtksWFETGnwi2kNhPc6AHAKlkgGntbR6Krc98JnxkTT+\nbuDgLRHED0aOFpnXiQ0lADYKLrHQoQFiM1btKUoHM94=ouaJ\n-----END PGP SIGNATURE-----\n. \n\nInstallation note:\n\nSafari 12.0.3 may be obtained from the Mac App Store. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201903-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: March 14, 2019\n Bugs: #672108, #674702, #678334\n ID: 201903-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.22.6 \u003e= 2.22.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.22.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-6212\n https://nvd.nist.gov/vuln/detail/CVE-2019-6212\n[ 2 ] CVE-2019-6215\n https://nvd.nist.gov/vuln/detail/CVE-2019-6215\n[ 3 ] CVE-2019-6216\n https://nvd.nist.gov/vuln/detail/CVE-2019-6216\n[ 4 ] CVE-2019-6217\n https://nvd.nist.gov/vuln/detail/CVE-2019-6217\n[ 5 ] CVE-2019-6226\n https://nvd.nist.gov/vuln/detail/CVE-2019-6226\n[ 6 ] CVE-2019-6227\n https://nvd.nist.gov/vuln/detail/CVE-2019-6227\n[ 7 ] CVE-2019-6229\n https://nvd.nist.gov/vuln/detail/CVE-2019-6229\n[ 8 ] CVE-2019-6233\n https://nvd.nist.gov/vuln/detail/CVE-2019-6233\n[ 9 ] CVE-2019-6234\n https://nvd.nist.gov/vuln/detail/CVE-2019-6234\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. 
------------------------------------------------------------------------\nWebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001\n------------------------------------------------------------------------\n\nDate reported : February 08, 2019\nAdvisory ID : WSA-2019-0001\nWebKitGTK+ Advisory URL : \nhttps://webkitgtk.org/security/WSA-2019-0001.html\nWPE WebKit Advisory URL : \nhttps://wpewebkit.org/security/WSA-2019-0001.html\nCVE identifiers : CVE-2019-6212, CVE-2019-6215, CVE-2019-6216,\n CVE-2019-6217, CVE-2019-6226, CVE-2019-6227,\n CVE-2019-6229, CVE-2019-6233, CVE-2019-6234. \n\nCVE-2019-6212\n Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before\n 2.22.4. \n Credit to an anonymous researcher. \n\nCVE-2019-6215\n Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before\n 2.22.4. \n Credit to Lokihardt of Google Project Zero. \n\nCVE-2019-6216\n Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before\n 2.22.3. \n Credit to Fluoroacetate working with Trend Micro\u0027s Zero Day\n Initiative. \n\nCVE-2019-6217\n Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before\n 2.22.3. \n Credit to Fluoroacetate working with Trend Micro\u0027s Zero Day\n Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan\n Team. \n\nCVE-2019-6226\n Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n Credit to Apple. \n\nCVE-2019-6227\n Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before\n 2.22.3. \n Credit to Qixun Zhao of Qihoo 360 Vulcan Team. \n\nCVE-2019-6229\n Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before\n 2.22.3. \n Credit to Ryan Pickren. \n\nCVE-2019-6233\n Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before\n 2.22.2. \n Credit to G. Geshev from MWR Labs working with Trend Micro\u0027s Zero\n Day Initiative. \n\nCVE-2019-6234\n Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before\n 2.22.2. \n Credit to G. 
Geshev from MWR Labs working with Trend Micro\u0027s Zero\n Day Initiative. \n\n\nWe recommend updating to the latest stable versions of WebKitGTK+ and\nWPE WebKit. It is the best way to ensure that you are running safe\nversions of WebKit. Please check our websites for information about the\nlatest stable releases. \n\nFurther information about WebKitGTK+ and WPE WebKit security advisories\ncan be found at: https://webkitgtk.org/security.html or\nhttps://wpewebkit.org/security/. \n\nThe WebKitGTK+ and WPE WebKit team,\nFebruary 08, 2019\n", "sources": [ { "db": "NVD", "id": "CVE-2019-6216" }, { "db": "JVNDB", "id": "JVNDB-2019-002243" }, { "db": "JVNDB", "id": "JVNDB-2019-001192" }, { "db": "ZDI", "id": "ZDI-19-131" }, { "db": "BID", "id": "106699" }, { "db": "VULHUB", "id": "VHN-157651" }, { "db": "VULMON", "id": "CVE-2019-6216" }, { "db": "PACKETSTORM", "id": "151332" }, { "db": "PACKETSTORM", "id": "151283" }, { "db": "PACKETSTORM", "id": "151282" }, { "db": "PACKETSTORM", "id": "151285" }, { "db": "PACKETSTORM", "id": "152086" }, { "db": "PACKETSTORM", "id": "151592" } ], "trust": 3.96 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6216", "trust": 4.2 }, { "db": "BID", "id": "106699", "trust": 2.1 }, { "db": "JVN", "id": "JVNVU97670311", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2019-002243", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-001192", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7479", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-131", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201901-805", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "152086", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.0604", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0639", "trust": 0.6 }, { "db": "VULHUB", "id": 
"VHN-157651", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-6216", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "151332", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "151283", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "151282", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "151285", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "151592", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-131" }, { "db": "VULHUB", "id": "VHN-157651" }, { "db": "VULMON", "id": "CVE-2019-6216" }, { "db": "BID", "id": "106699" }, { "db": "JVNDB", "id": "JVNDB-2019-002243" }, { "db": "JVNDB", "id": "JVNDB-2019-001192" }, { "db": "PACKETSTORM", "id": "151332" }, { "db": "PACKETSTORM", "id": "151283" }, { "db": "PACKETSTORM", "id": "151282" }, { "db": "PACKETSTORM", "id": "151285" }, { "db": "PACKETSTORM", "id": "152086" }, { "db": "PACKETSTORM", "id": "151592" }, { "db": "CNNVD", "id": "CNNVD-201901-805" }, { "db": "NVD", "id": "CVE-2019-6216" } ] }, "id": "VAR-201903-0441", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-157651" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:46:20.783000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT209443", "trust": 1.6, "url": "https://support.apple.com/en-us/ht209443" }, { "title": "HT209447", "trust": 1.6, "url": "https://support.apple.com/en-us/ht209447" }, { "title": "HT209448", "trust": 1.6, "url": "https://support.apple.com/en-us/ht209448" }, { "title": "HT209449", "trust": 1.6, "url": "https://support.apple.com/en-us/ht209449" }, { "title": "HT209451", "trust": 1.6, "url": "https://support.apple.com/en-us/ht209451" }, { "title": "HT209450", 
"trust": 0.8, "url": "https://support.apple.com/en-us/ht209450" }, { "title": "HT209443", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht209443" }, { "title": "HT209447", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht209447" }, { "title": "HT209448", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht209448" }, { "title": "HT209449", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht209449" }, { "title": "HT209450", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht209450" }, { "title": "HT209451", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht209451" }, { "title": "About the security content of macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra", "trust": 0.8, "url": "https://support.apple.com/en-us/ht209446" }, { "title": "Apple has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://support.apple.com/kb/ht201222" }, { "title": "Multiple Apple product WebKit Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88908" }, { "title": "sec-daily-2019", "trust": 0.1, "url": "https://github.com/alphaseclab/sec-daily-2019 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-131" }, { "db": "VULMON", "id": "CVE-2019-6216" }, { "db": "JVNDB", "id": "JVNDB-2019-002243" }, { "db": "JVNDB", "id": "JVNDB-2019-001192" }, { "db": "CNNVD", "id": "CNNVD-201901-805" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-157651" }, { "db": "JVNDB", "id": "JVNDB-2019-002243" }, { "db": "NVD", "id": "CVE-2019-6216" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://www.securityfocus.com/bid/106699" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6216" }, { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201903-12" }, { "trust": 1.8, "url": "https://support.apple.com/ht209443" }, { "trust": 1.8, "url": "https://support.apple.com/ht209447" }, { "trust": 1.8, "url": "https://support.apple.com/ht209448" }, { "trust": 1.8, "url": "https://support.apple.com/ht209449" }, { "trust": 1.8, "url": "https://support.apple.com/ht209450" }, { "trust": 1.8, "url": "https://support.apple.com/ht209451" }, { "trust": 1.6, "url": "https://jvn.jp/vu/jvnvu97670311/index.html" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6216" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6226" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6227" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6217" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190497-1.html" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190511-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76318" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76166" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/webkitgtk-two-vulnerabilities-28505" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152086/gentoo-linux-security-advisory-201903-12.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6212" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6233" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6215" }, { "trust": 0.5, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-6229" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6234" }, { "trust": 0.4, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.3, "url": "https://www.apple.com/" }, { "trust": 0.3, "url": "http://www.apple.com/ios/" }, { "trust": 0.3, "url": "http://www.apple.com/safari/" }, { "trust": 0.3, "url": "http://www.apple.com/accessibility/tvos/" }, { "trust": 0.3, "url": "http://www.apple.com/watchos-2/" }, { "trust": 0.3, "url": "https://www.apple.com/icloud/" }, { "trust": 0.3, "url": "https://support.apple.com/en-us/ht209451" }, { "trust": 0.3, "url": "https://support.apple.com/en-us/ht209443" }, { "trust": 0.3, "url": "https://support.apple.com/en-us/ht209449" }, { "trust": 0.3, "url": "https://support.apple.com/en-us/ht209447" }, { "trust": 0.3, "url": "https://support.apple.com/en-us/ht209448" }, { "trust": 0.3, "url": "https://support.apple.com/en-us/ht201222" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20346" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20505" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6235" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20506" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6210" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6213" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6214" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6230" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6224" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6209" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphaseclab/sec-daily-2019" }, { "trust": 
0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6221" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/download/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6225" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6208" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6228" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht204641" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6202" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6219" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2019-0001.html" }, { "trust": 0.1, "url": "https://webkitgtk.org/security.html" }, { "trust": 0.1, "url": "https://wpewebkit.org/security/wsa-2019-0001.html" }, { "trust": 0.1, "url": "https://wpewebkit.org/security/." 
} ], "sources": [ { "db": "ZDI", "id": "ZDI-19-131" }, { "db": "VULHUB", "id": "VHN-157651" }, { "db": "VULMON", "id": "CVE-2019-6216" }, { "db": "BID", "id": "106699" }, { "db": "JVNDB", "id": "JVNDB-2019-002243" }, { "db": "JVNDB", "id": "JVNDB-2019-001192" }, { "db": "PACKETSTORM", "id": "151332" }, { "db": "PACKETSTORM", "id": "151283" }, { "db": "PACKETSTORM", "id": "151282" }, { "db": "PACKETSTORM", "id": "151285" }, { "db": "PACKETSTORM", "id": "152086" }, { "db": "PACKETSTORM", "id": "151592" }, { "db": "CNNVD", "id": "CNNVD-201901-805" }, { "db": "NVD", "id": "CVE-2019-6216" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-19-131" }, { "db": "VULHUB", "id": "VHN-157651" }, { "db": "VULMON", "id": "CVE-2019-6216" }, { "db": "BID", "id": "106699" }, { "db": "JVNDB", "id": "JVNDB-2019-002243" }, { "db": "JVNDB", "id": "JVNDB-2019-001192" }, { "db": "PACKETSTORM", "id": "151332" }, { "db": "PACKETSTORM", "id": "151283" }, { "db": "PACKETSTORM", "id": "151282" }, { "db": "PACKETSTORM", "id": "151285" }, { "db": "PACKETSTORM", "id": "152086" }, { "db": "PACKETSTORM", "id": "151592" }, { "db": "CNNVD", "id": "CNNVD-201901-805" }, { "db": "NVD", "id": "CVE-2019-6216" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-25T00:00:00", "db": "ZDI", "id": "ZDI-19-131" }, { "date": "2019-03-05T00:00:00", "db": "VULHUB", "id": "VHN-157651" }, { "date": "2019-03-05T00:00:00", "db": "VULMON", "id": "CVE-2019-6216" }, { "date": "2019-01-22T00:00:00", "db": "BID", "id": "106699" }, { "date": "2019-04-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002243" }, { "date": "2019-01-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-001192" }, { "date": "2019-01-25T14:58:45", "db": "PACKETSTORM", "id": "151332" }, { "date": "2019-01-23T21:28:00", "db": 
"PACKETSTORM", "id": "151283" }, { "date": "2019-01-23T21:27:49", "db": "PACKETSTORM", "id": "151282" }, { "date": "2019-01-23T21:28:42", "db": "PACKETSTORM", "id": "151285" }, { "date": "2019-03-14T16:23:59", "db": "PACKETSTORM", "id": "152086" }, { "date": "2019-02-11T16:03:48", "db": "PACKETSTORM", "id": "151592" }, { "date": "2019-01-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-805" }, { "date": "2019-03-05T16:29:01.513000", "db": "NVD", "id": "CVE-2019-6216" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-14T00:00:00", "db": "ZDI", "id": "ZDI-19-131" }, { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-157651" }, { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2019-6216" }, { "date": "2019-01-22T00:00:00", "db": "BID", "id": "106699" }, { "date": "2019-04-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002243" }, { "date": "2019-01-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-001192" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-805" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2019-6216" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-805" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple Multiple memory corruption vulnerabilities in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002243" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-805" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.