VAR-201912-0127
Vulnerability from variot - Updated: 2023-12-18 11:25This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Face ID is one of the facial recognition components. There is a security vulnerability in the Face ID component of Apple iOS versions prior to 13. Attackers can use 3D models to exploit this vulnerability for authentication. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-9-26-3 iOS 13
iOS 13 addresses the following:
Bluetooth Available for: iPhone 6s and later Impact: Notification previews may show on Bluetooth accessories even when previews are disabled Description: A logic issue existed with the display of notification previews. This issue was addressed with improved validation. CVE-2019-8711: Arjang of MARK ANTHONY GROUP INC., Cemil Ozkebapci (@cemilozkebapci) of Garanti BBVA, Oguzhan Meral of Deloitte Consulting, Ömer Bozdoğan-Ramazan Atıl Anadolu Lisesi Adana/TÜRKİYE
CoreAudio Available for: iPhone 6s and later Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8760: Wish Wu (吴潍浠 @wish_wu) of Ant-financial Light-Year Security Lab
Foundation Available for: iPhone 6s and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero
Keyboards Available for: iPhone 6s and later Impact: A local user may be able to leak sensitive user information Description: An authentication issue was addressed with improved state management. CVE-2019-8704: 王 邦 宇 (wAnyBug.Com) of SAINTSEC
Messages Available for: iPhone 6s and later Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen Description: The issue was addressed by restricting options offered on a locked device. CVE-2019-8742: videosdebarraquito
Quick Look Available for: iPhone 6s and later Impact: Processing a maliciously crafted file may disclose user information Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. CVE-2019-8731: Saif Hamed Hamdan Al Hinai of Oman National CERT, Yiğit Can YILMAZ (@yilmazcanyigit)
Safari Available for: iPhone 6s and later Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2019-8727: Divyanshu Shukla (@justm0rph3u5) of Quotient Technology
WebKit Page Loading Available for: iPhone 6s and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8674
Additional recognition
Bluetooth We would like to acknowledge Jan Ruge of TU Darmstadt, Secure Mobile Networking Lab, Jiska Classen of TU Darmstadt, Secure Mobile Networking Lab, Francesco Gringoli of University of Brescia, Dennis Heinze of TU Darmstadt, Secure Mobile Networking Lab for their assistance.
Control Center We would like to acknowledge Brandon Sellers for their assistance.
Keyboard We would like to acknowledge an anonymous researcher for their assistance.
Mail We would like to acknowledge Kenneth Hyndycz for their assistance.
Profiles We would like to acknowledge James Seeley (@Code4iOS) of Shriver Job Corps for their assistance.
SafariViewController We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 13".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2NGXUACgkQBz4uGe3y 0M0IaxAAsylDd2Oc5zuJXYgbN/WXihPF0k8Swhxypi65S1NbMLMrvL64NDPEpp2W BQ10PBqcPR4KDEnxTBn4AbcMPJE+U9LDcclv8+L2mopbjhQKBOKbCnWuxTfN2wk7 XfuSci+dFA4mQ3GPX6s+2+vqT59O001QeOQqvSDxBFsjlQTW1Vq96YHHb0KC4tDO r3nZZWboCPpVNkyXdFwKd6m+eqqMJaMNTj5el/5AZ3H7ynSe7sKI/gvZWgZSj/Nj hnbHIEAVCBwBzLY+3MQ8qNKi3M/gDbTYkuEj0+yUZ45gfj/ZgOyznggkn1yXA/Qw 7Uo1W1u75M3tHx1citWdQAq3UsGT8yxMQkYyZzU0h7bwNR6k6jy7NblAYEGNaas9 aMBxkL80QR8HvQmalMHgexC/bgg8grmf0ZzBmJcW9/zdYXcwPPn3dcukLQqXNo4o CgBDmLScJS9/0ULAk1MUgtb+FgmgI+u4pKqr6BRuEOCuyU8Pu4t0DzG/g7sVdCf4 EzVTrYjFLstd+waAj0TD4fCMDzrtc920Kfetxoq0tUkBj25KrWLrkhzgVCRd+GP8 o4IMT1AVuwxdmUQxsaQIC7qRWtYOwsGD4eSYXyZWfNvhacRm7QCNVGcYiw7bdd/u Q6eST5657wg/kFHQybkilyZ2DhyToMzW6kBkbXazY2ITiAegwp8= =uZLp -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "13 (iphone x or later )"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013749"
},
{
"db": "NVD",
"id": "CVE-2019-8760"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8760"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wish Wu ( Wu Weichen @wish_wu) of Ant-financial Light-Year Security Lab",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1283"
}
],
"trust": 0.6
},
"cve": "CVE-2019-8760",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-8760",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-160195",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-8760",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-8760",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-1283",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-160195",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160195"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013749"
},
{
"db": "NVD",
"id": "CVE-2019-8760"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1283"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Face ID is one of the facial recognition components. There is a security vulnerability in the Face ID component of Apple iOS versions prior to 13. Attackers can use 3D models to exploit this vulnerability for authentication. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-9-26-3 iOS 13\n\niOS 13 addresses the following:\n\nBluetooth\nAvailable for: iPhone 6s and later\nImpact: Notification previews may show on Bluetooth accessories even\nwhen previews are disabled\nDescription: A logic issue existed with the display of notification\npreviews. This issue was addressed with improved validation. \nCVE-2019-8711: Arjang of MARK ANTHONY GROUP INC., Cemil Ozkebapci\n(@cemilozkebapci) of Garanti BBVA, Oguzhan Meral of Deloitte\nConsulting, \u00d6mer Bozdo\u011fan-Ramazan At\u0131l Anadolu Lisesi Adana/T\u00dcRK\u0130YE\n\nCoreAudio\nAvailable for: iPhone 6s and later\nImpact: Processing a maliciously crafted movie may result in the\ndisclosure of process memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-8760: Wish Wu (\u5434\u6f4d\u6d60 @wish_wu) of Ant-financial Light-Year\nSecurity Lab\n\nFoundation\nAvailable for: iPhone 6s and later\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8641: Samuel Gro\u00df and Natalie Silvanovich of Google Project\nZero\n\nKeyboards\nAvailable for: iPhone 6s and later\nImpact: A local user may be able to leak sensitive user information\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2019-8704: \u738b \u90a6 \u5b87 (wAnyBug.Com) of SAINTSEC\n\nMessages\nAvailable for: iPhone 6s and later\nImpact: A person with physical access to an iOS device may be able to\naccess contacts from the lock screen\nDescription: The issue was addressed by restricting options offered\non a locked device. \nCVE-2019-8742: videosdebarraquito\n\nQuick Look\nAvailable for: iPhone 6s and later\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: A permissions issue existed in which execute permission\nwas incorrectly granted. This issue was addressed with improved\npermission validation. \nCVE-2019-8731: Saif Hamed Hamdan Al Hinai of Oman National CERT,\nYi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nSafari\nAvailable for: iPhone 6s and later\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8727: Divyanshu Shukla (@justm0rph3u5) of Quotient\nTechnology\n\nWebKit Page Loading\nAvailable for: iPhone 6s and later\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8674\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Jan Ruge of TU Darmstadt, Secure Mobile\nNetworking Lab, Jiska Classen of TU Darmstadt, Secure Mobile\nNetworking Lab, Francesco Gringoli of University of Brescia, Dennis\nHeinze of TU Darmstadt, Secure Mobile Networking Lab for their\nassistance. \n\nControl Center\nWe would like to acknowledge Brandon Sellers for their assistance. \n\nKeyboard\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail\nWe would like to acknowledge Kenneth Hyndycz for their assistance. \n\nProfiles\nWe would like to acknowledge James Seeley (@Code4iOS) of Shriver Job\nCorps for their assistance. \n\nSafariViewController\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2NGXUACgkQBz4uGe3y\n0M0IaxAAsylDd2Oc5zuJXYgbN/WXihPF0k8Swhxypi65S1NbMLMrvL64NDPEpp2W\nBQ10PBqcPR4KDEnxTBn4AbcMPJE+U9LDcclv8+L2mopbjhQKBOKbCnWuxTfN2wk7\nXfuSci+dFA4mQ3GPX6s+2+vqT59O001QeOQqvSDxBFsjlQTW1Vq96YHHb0KC4tDO\nr3nZZWboCPpVNkyXdFwKd6m+eqqMJaMNTj5el/5AZ3H7ynSe7sKI/gvZWgZSj/Nj\nhnbHIEAVCBwBzLY+3MQ8qNKi3M/gDbTYkuEj0+yUZ45gfj/ZgOyznggkn1yXA/Qw\n7Uo1W1u75M3tHx1citWdQAq3UsGT8yxMQkYyZzU0h7bwNR6k6jy7NblAYEGNaas9\naMBxkL80QR8HvQmalMHgexC/bgg8grmf0ZzBmJcW9/zdYXcwPPn3dcukLQqXNo4o\nCgBDmLScJS9/0ULAk1MUgtb+FgmgI+u4pKqr6BRuEOCuyU8Pu4t0DzG/g7sVdCf4\nEzVTrYjFLstd+waAj0TD4fCMDzrtc920Kfetxoq0tUkBj25KrWLrkhzgVCRd+GP8\no4IMT1AVuwxdmUQxsaQIC7qRWtYOwsGD4eSYXyZWfNvhacRm7QCNVGcYiw7bdd/u\nQ6eST5657wg/kFHQybkilyZ2DhyToMzW6kBkbXazY2ITiAegwp8=\n=uZLp\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8760"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013749"
},
{
"db": "VULHUB",
"id": "VHN-160195"
},
{
"db": "PACKETSTORM",
"id": "154641"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-8760",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013749",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1283",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3642",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160195",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154641",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160195"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013749"
},
{
"db": "PACKETSTORM",
"id": "154641"
},
{
"db": "NVD",
"id": "CVE-2019-8760"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1283"
}
]
},
"id": "VAR-201912-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160195"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:25:48.728000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT210606",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210606"
},
{
"title": "HT210606",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210606"
},
{
"title": "Apple iOS Face ID Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98670"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013749"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1283"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-326",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160195"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013749"
},
{
"db": "NVD",
"id": "CVE-2019-8760"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/ht210606"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8760"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8760"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht210606"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210606"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-12-multiple-vulnerabilities-30457"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3642/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8727"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8711"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8742"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8731"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160195"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013749"
},
{
"db": "PACKETSTORM",
"id": "154641"
},
{
"db": "NVD",
"id": "CVE-2019-8760"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1283"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160195"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013749"
},
{
"db": "PACKETSTORM",
"id": "154641"
},
{
"db": "NVD",
"id": "CVE-2019-8760"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1283"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-160195"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013749"
},
{
"date": "2019-09-27T15:01:11",
"db": "PACKETSTORM",
"id": "154641"
},
{
"date": "2019-12-18T18:15:39.257000",
"db": "NVD",
"id": "CVE-2019-8760"
},
{
"date": "2019-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1283"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-160195"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013749"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-8760"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1283"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iOS Vulnerabilities related to cryptographic strength",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013749"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1283"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.