var-201912-0129
Vulnerability from variot
The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Falsification of information * Arbitrary code execution * Service operation interruption (DoS) * Privilege escalation * Authentication bypass. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. SharedFileList is one of the shared file list components. A security vulnerability exists in the SharedFileList component of Apple macOS Catalina prior to 10.15. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-10-07-1 macOS Catalina 10.15
macOS Catalina 10.15 is now available and addresses the following:
AMD Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team
apache_mod_php Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 7.3.8. CVE-2019-11041 CVE-2019-11042
CoreAudio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative
Crash Reporter Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics Description: A race condition existed when reading and writing user preferences. CVE-2019-8757: William Cerniuk of Core Development, LLC
Intel Graphics Driver Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8758: Lilang Wu and Moony Li of Trend Micro
IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved restrictions. CVE-2019-8755: Lilang Wu and Moony Li of Trend Micro
Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8717: Jann Horn of Google Project Zero
Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2019-8781: Linus Henze (pinauten.de)
Notes Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to view a user's locked notes Description: The contents of locked notes sometimes appeared in search results. CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia Polytechnic Institute and State University
PDFKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker may be able to exfiltrate the contents of an encrypted PDF Description: An issue existed in the handling of links in encrypted PDFs. CVE-2019-8772: Jens Müller of Ruhr University Bochum, Fabian Ising of FH Münster University of Applied Sciences, Vladislav Mladenov of Ruhr University Bochum, Christian Mainka of Ruhr University Bochum, Sebastian Schinzel of FH Münster University of Applied Sciences, and Jörg Schwenk of Ruhr University Bochum
SharedFileList Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to access recent documents Description: The issue was addressed with improved permissions logic. CVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH
sips Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992) and pjf of IceSword Lab of Qihoo 360
UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative
WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Visiting a maliciously crafted website may reveal browsing history Description: An issue existed in the drawing of web page elements. CVE-2019-8769: Piérre Reimertz (@reimertz)
WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A user may be unable to delete browsing history items Description: "Clear History and Website Data" did not clear the history. CVE-2019-8768: Hugo S. Diaz (coldpointblue)
Additional recognition
Finder We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.
Gatekeeper We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.
Safari Data Importing We would like to acknowledge Kent Zoya for their assistance.
Simple certificate enrollment protocol (SCEP) We would like to acknowledge an anonymous researcher for their assistance.
Telephony We would like to acknowledge Phil Stokes from SentinelOne for their assistance.
Installation note:
macOS Catalina 10.15 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2blu0ACgkQBz4uGe3y 0M1A7g//e9fSj7PMQLPpztkv54U3jAPgU5jxKEIeSxvImDLg94YFDH1RxiZ8UP+4 R8tb2vEi+gEV/MWHQyExunrUoxMc0szqFEEyTcA1nxUMTsYtmQNDVeMlv4nc9sOs n3Eh1wajdkmnBJoEzQoJfM7W09ND0eFcyr2ucnH7bZXQWkG4ZdJwgtCA0kdlcODK Y7730ZREKqt88cBKJMow0y2CyeCWK4E1yWD6OTx0Iqf2fZXNinZw/ViDQEOrULy0 Dydi9GF8BmTWNQfiRd9quYN3k0ETe3jMYv7SFwv3LV820OobvY0qlSOAucjkjcNe SKhbewe2MRo5EXCRVPYgVMW9elVFtjgSITr7B7a/u6NGUW2jhFj1EeonvOaKDUqu Kybq7oa3F4EY1hZRs288GzIFdV8osjwggAJ4AithJVEa8fhepS4Q9wIDsEHgkHZa /epkzfoXTRNBMC2qf87i1vbLSrN9qxegxHoGn/dVzz/p008m3AfKZmndZ6vRG0ac jv/lw1lhaKVKyusvix3MU5GVwZvGVqYuqfISp+uaJEBJ4nuUw4LKuzimCAjjCmnw CV2Mz9aZG1PX5KrfuYwEc/bw49ODnCW3KiaCD0XlO4MdtEDA9lYoUdmsCbnmMzIa rJ3xEcFpjOnJVVXLIWopXzIb23/5YaKctqcRScfmGpoHKRIkzQo= =ibLV -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0129", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.15" }, { "model": "icloud", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 10.9 earlier" }, { "model": "icloud", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 7.16 (includes aas 8.2) earlier" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.4.4 earlier" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "13.3 earlier" }, { "model": "ipados", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "13.3 earlier" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.10.3 for windows earlier" }, { "model": "macos catalina", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.15.2 earlier" }, { "model": "macos high sierra", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.13.6 (security update 2019-007 not applied )" }, { "model": "macos mojave", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.14.6 (security update 2019-002 not applied )" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "13.0.4 earlier" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "13.3 earlier" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "5.3.4 earlier" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "6.1.1 earlier" }, { "model": "xcode", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.3 earlier" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-012754" }, { "db": "NVD", "id": "CVE-2019-8770" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.15", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-8770" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "154768" }, { "db": "CNNVD", "id": "CNNVD-201910-325" } ], "trust": 0.7 }, "cve": "CVE-2019-8770", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-160205", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-8770", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201910-325", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-160205", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-160205" }, { "db": "NVD", "id": "CVE-2019-8770" }, { "db": "CNNVD", "id": "CNNVD-201910-325" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Falsification of information * Arbitrary code execution * Service operation interruption (DoS) * Privilege escalation * Authentication bypass. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. SharedFileList is one of the shared file list components. A security vulnerability exists in the SharedFileList component of Apple macOS Catalina prior to 10.15. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-10-07-1 macOS Catalina 10.15\n\nmacOS Catalina 10.15 is now available and addresses the following:\n\nAMD\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security\nResearch Team\n\napache_mod_php\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in PHP\nDescription: Multiple issues were addressed by updating to PHP\nversion 7.3.8. \nCVE-2019-11041\nCVE-2019-11042\n\nCoreAudio\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted movie may result in the\ndisclosure of process memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-8705: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nCrash Reporter\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: The \"Share Mac Analytics\" setting may not be disabled when a\nuser deselects the switch to share analytics\nDescription: A race condition existed when reading and writing user\npreferences. \nCVE-2019-8757: William Cerniuk of Core Development, LLC\n\nIntel Graphics Driver\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8758: Lilang Wu and Moony Li of Trend Micro\n\nIOGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8755: Lilang Wu and Moony Li of Trend Micro\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8717: Jann Horn of Google Project Zero\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8781: Linus Henze (pinauten.de)\n\nNotes\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: The contents of locked notes sometimes appeared in\nsearch results. \nCVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia\nPolytechnic Institute and State University\n\nPDFKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker may be able to exfiltrate the contents of an\nencrypted PDF\nDescription: An issue existed in the handling of links in encrypted\nPDFs. \nCVE-2019-8772: Jens M\u00fcller of Ruhr University Bochum, Fabian Ising\nof FH M\u00fcnster University of Applied Sciences, Vladislav Mladenov\nof Ruhr University Bochum, Christian Mainka of Ruhr University\nBochum, Sebastian Schinzel of FH M\u00fcnster University of Applied\nSciences, and J\u00f6rg Schwenk of Ruhr University Bochum\n\nSharedFileList\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to access recent\ndocuments\nDescription: The issue was addressed with improved permissions logic. \nCVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH\n\nsips\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992)\nand pjf of IceSword Lab of Qihoo 360\n\nUIFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8745: riusksk of VulWar Corp working with Trend Micro\u0027s\nZero Day Initiative\n\nWebKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Visiting a maliciously crafted website may reveal browsing\nhistory\nDescription: An issue existed in the drawing of web page elements. \nCVE-2019-8769: Pi\u00e9rre Reimertz (@reimertz)\n\nWebKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A user may be unable to delete browsing history items\nDescription: \"Clear History and Website Data\" did not clear the\nhistory. \nCVE-2019-8768: Hugo S. Diaz (coldpointblue)\n\nAdditional recognition\n\nFinder\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\nGatekeeper\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\nSafari Data Importing\nWe would like to acknowledge Kent Zoya for their assistance. \n\nSimple certificate enrollment protocol (SCEP)\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nTelephony\nWe would like to acknowledge Phil Stokes from SentinelOne for their\nassistance. \n\nInstallation note:\n\nmacOS Catalina 10.15 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2blu0ACgkQBz4uGe3y\n0M1A7g//e9fSj7PMQLPpztkv54U3jAPgU5jxKEIeSxvImDLg94YFDH1RxiZ8UP+4\nR8tb2vEi+gEV/MWHQyExunrUoxMc0szqFEEyTcA1nxUMTsYtmQNDVeMlv4nc9sOs\nn3Eh1wajdkmnBJoEzQoJfM7W09ND0eFcyr2ucnH7bZXQWkG4ZdJwgtCA0kdlcODK\nY7730ZREKqt88cBKJMow0y2CyeCWK4E1yWD6OTx0Iqf2fZXNinZw/ViDQEOrULy0\nDydi9GF8BmTWNQfiRd9quYN3k0ETe3jMYv7SFwv3LV820OobvY0qlSOAucjkjcNe\nSKhbewe2MRo5EXCRVPYgVMW9elVFtjgSITr7B7a/u6NGUW2jhFj1EeonvOaKDUqu\nKybq7oa3F4EY1hZRs288GzIFdV8osjwggAJ4AithJVEa8fhepS4Q9wIDsEHgkHZa\n/epkzfoXTRNBMC2qf87i1vbLSrN9qxegxHoGn/dVzz/p008m3AfKZmndZ6vRG0ac\njv/lw1lhaKVKyusvix3MU5GVwZvGVqYuqfISp+uaJEBJ4nuUw4LKuzimCAjjCmnw\nCV2Mz9aZG1PX5KrfuYwEc/bw49ODnCW3KiaCD0XlO4MdtEDA9lYoUdmsCbnmMzIa\nrJ3xEcFpjOnJVVXLIWopXzIb23/5YaKctqcRScfmGpoHKRIkzQo=\n=ibLV\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2019-8770" }, { "db": "JVNDB", "id": "JVNDB-2019-012754" }, { "db": "VULHUB", "id": "VHN-160205" }, { "db": "PACKETSTORM", "id": "154768" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-8770", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU99404393", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-012754", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201910-325", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "154768", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3758", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-160205", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160205" }, { "db": "JVNDB", "id": "JVNDB-2019-012754" }, { "db": "PACKETSTORM", "id": "154768" }, { "db": "NVD", "id": "CVE-2019-8770" }, { "db": "CNNVD", "id": "CNNVD-201910-325" } ] }, "id": "VAR-201912-0129", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-160205" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:00:49.275000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "About the security content of Safari 13.0.4", "trust": 0.8, "url": "https://support.apple.com/en-us/ht210792" }, { "title": "About the security content of Xcode 11.3", "trust": 0.8, "url": "https://support.apple.com/en-us/ht210796" }, { "title": "Mac \u306b\u642d\u8f09\u3055\u308c\u3066\u3044\u308b macOS \u3092\u8abf\u3079\u308b", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht201260" }, { "title": "About the security content of iOS 13.3 and iPadOS 13.3", "trust": 0.8, "url": "https://support.apple.com/en-us/ht210785" }, { "title": "About the security content of iCloud for Windows 10.9", "trust": 0.8, "url": "https://support.apple.com/en-us/ht210794" }, { "title": "About the security content of iOS 12.4.4", "trust": 0.8, "url": "https://support.apple.com/en-us/ht210787" }, { "title": "About the security content of iCloud for Windows 7.16 (includes AAS 8.2)", "trust": 0.8, "url": "https://support.apple.com/en-us/ht210795" }, { "title": "About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "trust": 0.8, "url": "https://support.apple.com/en-us/ht210788" }, { "title": "About the security content of iTunes 12.10.3 for Windows", "trust": 0.8, "url": "https://support.apple.com/en-us/ht210793" }, { "title": "About the security content of watchOS 6.1.1", "trust": 0.8, "url": "https://support.apple.com/en-us/ht210789" }, { "title": "About the security content of tvOS 13.3", "trust": 0.8, "url": "https://support.apple.com/en-us/ht210790" }, { "title": "About the security content of watchOS 5.3.4", "trust": 0.8, "url": "https://support.apple.com/en-us/ht210791" }, { "title": "Apple macOS Catalina SharedFileList Fixes for component security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99029" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-012754" }, { "db": "CNNVD", "id": "CNNVD-201910-325" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2019-8770" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.apple.com/ht210634" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8770" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8758" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8730" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8768" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8701" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8745" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8705" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8748" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8772" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8755" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8781" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8717" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8757" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8701" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8745" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8770" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8705" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8748" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8772" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8707" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8755" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8781" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8717" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8757" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8719" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8758" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8726" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8763" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8730" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8768" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8625" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8733" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8769" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99404393/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8719" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8726" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8763" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8733" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8707" }, { "trust": 0.6, "url": "https://support.apple.com/en-il/ht210634" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3758/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/154768/apple-security-advisory-2019-10-07-1.html" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht210634" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11042" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11041" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://support.apple.com/downloads/" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-160205" }, { "db": "JVNDB", "id": "JVNDB-2019-012754" }, { "db": "PACKETSTORM", "id": "154768" }, { "db": "NVD", "id": "CVE-2019-8770" }, { "db": "CNNVD", "id": "CNNVD-201910-325" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-160205" }, { "db": "JVNDB", "id": "JVNDB-2019-012754" }, { "db": "PACKETSTORM", "id": "154768" }, { "db": "NVD", "id": "CVE-2019-8770" }, { "db": "CNNVD", "id": "CNNVD-201910-325" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-18T00:00:00", "db": "VULHUB", "id": "VHN-160205" }, { "date": "2019-12-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-012754" }, { "date": "2019-10-08T19:59:26", "db": "PACKETSTORM", "id": "154768" }, { "date": "2019-12-18T18:15:40.053000", "db": "NVD", "id": "CVE-2019-8770" }, { "date": "2019-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201910-325" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-160205" }, { "date": "2020-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-012754" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2019-8770" }, { "date": "2021-10-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201910-325" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201910-325" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple Updates to product vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-012754" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201910-325" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.