var-201912-0492
Vulnerability from variot
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2. Clicking a malicious SMS link may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Both Apple iOS and Apple tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. GeoServices is one of the geographic service components. A buffer error vulnerability exists in the GeoServices component in Apple iOS versions prior to 12.2, Apple watchOS versions prior to 5.2, and tvOS versions prior to 12.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-3-27-1 watchOS 5.2
watchOS 5.2 is now available and addresses the following:
CFString Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc.
configd Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher
CoreCrypto Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher
file Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher
Foundation Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero
GeoServices Available for: Apple Watch Series 1 and later Impact: Clicking a malicious SMS link may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2019-8553: an anonymous researcher
iAP Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher
IOHIDFamily Available for: Apple Watch Series 1 and later Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
Kernel Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel Available for: Apple Watch Series 1 and later Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google
Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG
Messages Available for: Apple Watch Series 1 and later Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang
Passcode Available for: Apple Watch Series 1 and later Impact: A partially entered passcode may not clear when the device goes to sleep Description: An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. CVE-2019-8548: Tobias Sachs
Power Management Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)
Privacy Available for: Apple Watch Series 1 and later Impact: A malicious app may be able to track users between installs Description: A privacy issue existed in motion sensor calibration. CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the University of Cambridge, Ian Sheret of Polymath Insight Limited
Siri Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest
TrueTypeScaler Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8518: Samuel Groß of Google Project Zero CVE-2019-8558: Samuel Groß of Google Project Zero CVE-2019-8559: Apple CVE-2019-8563: Apple
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8536: Apple CVE-2019-8544: an anonymous researcher
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8506: Samuel Groß of Google Project Zero
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A validation issue was addressed with improved logic. CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team
Additional recognition
Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7cpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GugRAA tKuWyrX6EQy9jaNducv7s/nxmsgrUl5zrnNCCO2WKnNIHT8v+iRWFHZi+w1lTRW4 2rUTCVibxMSJLazyhPoU4Ngaor6MoABfzVJvSAMD1EeP2kAmk1Qg4vEAzuhlGcpF zbq6OWxlGGU5YQHak2bhUEeaS1/EgSfdT7xVr+Iczh6f/6vDKluKc3yRKQODU8ZP wA4S25wH5hXVjOeiit/6ZMj8NgBf0V8qbms4kWSoen+dFzoc2HhP9SJrViO57y+b D1AHEJgPQIP/RB7jjskK6aOPQ3v3FaXSRnBn+Cyig9Ost+rVkOeARp72rCobyNBR uCtUeEX09oyErlmVyR3Zg0mBSMkvPqK1CvBfWBb5SrZ05i6/OuYCCYnaStdRzcmM e/7GI30HYjDbVtLhxCJO66pvtGpJluzmVkotg2IKefMC7zoruSEZilCBRdcS9pAZ v0D9ioTw4cZ2RXpeCNNK4hjpSygWJdgdz7SlO2KuTHwuVWXXRiETJwG0IB8B8GJj yHPZYu8HKkEA1dPBeOdbGuj9H/XbyCO4bWkPSAWQIW0IUsCwNmUp11oLGWb8pcFO ypLKrlLr/JkDJpL5aVryYZSlzqwi1mBo8r22wjEtKLlFrCln3gecNcny4ykURluo Pbnmdta0YH4vutI0PA/m+xA/Y4eMzRRRUlCNqZZHAGI= =zRUq -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0492",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.2"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.2"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.2"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.11 earlier"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.2 earlier"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.9.4 for windows earlier"
},
{
"model": "macos high sierra",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "(security update 2019-002 not applied )"
},
{
"model": "macos mojave",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.14.4 earlier"
},
{
"model": "macos sierra",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "(security update 2019-002 not applied )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1 earlier"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.2 earlier"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.2 earlier"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.2 earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001923"
},
{
"db": "NVD",
"id": "CVE-2019-8553"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8553"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "152277"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-972"
}
],
"trust": 0.7
},
"cve": "CVE-2019-8553",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-159988",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-8553",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-972",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-159988",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159988"
},
{
"db": "NVD",
"id": "CVE-2019-8553"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-972"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2. Clicking a malicious SMS link may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Both Apple iOS and Apple tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. GeoServices is one of the geographic service components. A buffer error vulnerability exists in the GeoServices component in Apple iOS versions prior to 12.2, Apple watchOS versions prior to 5.2, and tvOS versions prior to 12.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-3-27-1 watchOS 5.2\n\nwatchOS 5.2 is now available and addresses the following:\n\nCFString\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted string may lead to a denial\nof service\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8516: SWIPS Team of Frifee Inc. \n\nconfigd\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8552: Mohamed Ghannam (@_simo36)\n\nContacts\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2019-8511: an anonymous researcher\n\nCoreCrypto\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nfile\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted file might disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-6237: an anonymous researcher\n\nFoundation\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-7286: an anonymous researcher, Clement Lecigne of Google\nThreat Analysis Group, Ian Beer of Google Project Zero, and Samuel\nGro\u00df of Google Project Zero\n\nGeoServices\nAvailable for: Apple Watch Series 1 and later\nImpact: Clicking a malicious SMS link may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-8553: an anonymous researcher\n\niAP\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nIOHIDFamily\nAvailable for: Apple Watch Series 1 and later\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8514: Samuel Gro\u00df of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A local user may be able to read kernel memory\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-7293: Ned Williamson of Google\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. \nCVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)\nCVE-2019-8510: Stefan Esser of Antid0te UG\n\nMessages\nAvailable for: Apple Watch Series 1 and later\nImpact: A local user may be able to view sensitive user information\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2019-8546: ChiYuan Chang\n\nPasscode\nAvailable for: Apple Watch Series 1 and later\nImpact: A partially entered passcode may not clear when the device\ngoes to sleep\nDescription: An issue existed where partially entered passcodes may\nnot clear when the device went to sleep. This issue was addressed by\nclearing the passcode when a locked device sleeps. \nCVE-2019-8548: Tobias Sachs\n\nPower Management\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: Multiple input validation issues existed in MIG\ngenerated code. \nCVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure\n(ssd-disclosure.com)\n\nPrivacy\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious app may be able to track users between installs\nDescription: A privacy issue existed in motion sensor calibration. \nCVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the\nUniversity of Cambridge, Ian Sheret of Polymath Insight Limited\n\nSiri\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to initiate a Dictation\nrequest without user authorization\nDescription: An API issue existed in the handling of dictation\nrequests. \nCVE-2019-8502: Luke Deshotels of North Carolina State University,\nJordan Beichler of North Carolina State University, William Enck of\nNorth Carolina State University, Costin Caraba\u0219 of University\nPOLITEHNICA of Bucharest, and R\u0103zvan Deaconescu of University\nPOLITEHNICA of Bucharest\n\nTrueTypeScaler\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero\nDay Initiative\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-8518: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8558: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8559: Apple\nCVE-2019-8563: Apple\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8536: Apple\nCVE-2019-8544: an anonymous researcher\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2019-8506: Samuel Gro\u00df of Google Project Zero\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7cpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GugRAA\ntKuWyrX6EQy9jaNducv7s/nxmsgrUl5zrnNCCO2WKnNIHT8v+iRWFHZi+w1lTRW4\n2rUTCVibxMSJLazyhPoU4Ngaor6MoABfzVJvSAMD1EeP2kAmk1Qg4vEAzuhlGcpF\nzbq6OWxlGGU5YQHak2bhUEeaS1/EgSfdT7xVr+Iczh6f/6vDKluKc3yRKQODU8ZP\nwA4S25wH5hXVjOeiit/6ZMj8NgBf0V8qbms4kWSoen+dFzoc2HhP9SJrViO57y+b\nD1AHEJgPQIP/RB7jjskK6aOPQ3v3FaXSRnBn+Cyig9Ost+rVkOeARp72rCobyNBR\nuCtUeEX09oyErlmVyR3Zg0mBSMkvPqK1CvBfWBb5SrZ05i6/OuYCCYnaStdRzcmM\ne/7GI30HYjDbVtLhxCJO66pvtGpJluzmVkotg2IKefMC7zoruSEZilCBRdcS9pAZ\nv0D9ioTw4cZ2RXpeCNNK4hjpSygWJdgdz7SlO2KuTHwuVWXXRiETJwG0IB8B8GJj\nyHPZYu8HKkEA1dPBeOdbGuj9H/XbyCO4bWkPSAWQIW0IUsCwNmUp11oLGWb8pcFO\nypLKrlLr/JkDJpL5aVryYZSlzqwi1mBo8r22wjEtKLlFrCln3gecNcny4ykURluo\nPbnmdta0YH4vutI0PA/m+xA/Y4eMzRRRUlCNqZZHAGI=\n=zRUq\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8553"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001923"
},
{
"db": "VULHUB",
"id": "VHN-159988"
},
{
"db": "PACKETSTORM",
"id": "152277"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-8553",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU93236010",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001923",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-972",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152277",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1032",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0991",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-159988",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159988"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001923"
},
{
"db": "PACKETSTORM",
"id": "152277"
},
{
"db": "NVD",
"id": "CVE-2019-8553"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-972"
}
]
},
"id": "VAR-201912-0492",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-159988"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:45:50.078000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the security content of iCloud for Windows 7.11",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209605"
},
{
"title": "About the security content of watchOS 5.2",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209602"
},
{
"title": "About the security content of iOS 12.2",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209599"
},
{
"title": "About the security content of Xcode 10.2",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209606"
},
{
"title": "About the security content of tvOS 12.2",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209601"
},
{
"title": "About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209600"
},
{
"title": "About the security content of Safari 12.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209603"
},
{
"title": "About the security content of iTunes 12.9.4 for Windows",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht209604"
},
{
"title": "Apple tvOS and Apple iOS GeoServices Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90416"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001923"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-972"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159988"
},
{
"db": "NVD",
"id": "CVE-2019-8553"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/ht209599"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht209601"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht209602"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8553"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8558"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6207"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8559"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8563"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8510"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6232"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8520"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8561"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6236"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8522"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8562"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6239"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8526"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8563"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8556"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8507"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8533"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8565"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8555"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8508"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8537"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8567"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8553"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8510"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8554"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8513"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8558"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6207"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8519"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8559"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93236010/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8513"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8519"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6232"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8520"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8561"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6236"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8522"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8562"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6239"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8526"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8565"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8507"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8533"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8567"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8556"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8508"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8537"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8555"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8554"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht209599"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht209602"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht209602"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-28854"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77810"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77986"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152277/apple-security-advisory-2019-3-27-1.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8514"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8516"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8527"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8545"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8517"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8552"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8548"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159988"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001923"
},
{
"db": "PACKETSTORM",
"id": "152277"
},
{
"db": "NVD",
"id": "CVE-2019-8553"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-972"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-159988"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001923"
},
{
"db": "PACKETSTORM",
"id": "152277"
},
{
"db": "NVD",
"id": "CVE-2019-8553"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-972"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-159988"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001923"
},
{
"date": "2019-03-28T16:23:02",
"db": "PACKETSTORM",
"id": "152277"
},
{
"date": "2019-12-18T18:15:25.707000",
"db": "NVD",
"id": "CVE-2019-8553"
},
{
"date": "2019-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-972"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-159988"
},
{
"date": "2020-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001923"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-8553"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-972"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-972"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Updates to product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001923"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-972"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.