var-201912-0593
Vulnerability from variot
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation * Arbitrary code execution * information leak * Service operation interruption (DoS). WebKit is prone to a information-disclosure and multiple memory-corruption vulnerabilities. Successful exploits may allow attackers to obtain sensitive information or execute arbitrary code in the context of the affected system. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. WebKit is one of the web browser engine components. A buffer error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Safari prior to 12.1.1; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based Versions prior to iTunes 12.9.5; versions prior to watchOS 5.2.1. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601) An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644) A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689) A logic issue existed in the handling of document loads. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769) This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901) An input validation issue was addressed with improved input validation. (CVE-2020-3902).
Alternatively, on your watch, select "My Watch > General > About".
Installation note:
Safari 12.1.1 may be obtained from the Mac App Store. ------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
Date reported : May 20, 2019 Advisory ID : WSA-2019-0003 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0003.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0003.html CVE identifiers : CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623.
CVE-2019-6237 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team.
CVE-2019-8571 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to 01 working with Trend Micro's Zero Day Initiative.
CVE-2019-8583 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech.
CVE-2019-8584 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative.
CVE-2019-8586 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to an anonymous researcher.
CVE-2019-8587 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative.
CVE-2019-8594 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab.
CVE-2019-8595 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative.
CVE-2019-8596 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Wen Xu of SSLab at Georgia Tech.
CVE-2019-8597 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to 01 working with Trend Micro Zero Day Initiative.
CVE-2019-8601 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Fluoroacetate working with Trend Micro's Zero Day Initiative.
CVE-2019-8607 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Junho Jang and Hanul Choi of LINE Security Team.
CVE-2019-8608 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative.
CVE-2019-8609 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Wen Xu of SSLab, Georgia Tech.
CVE-2019-8610 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Anonymous working with Trend Micro Zero Day Initiative.
CVE-2019-8615 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative.
CVE-2019-8611 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero.
CVE-2019-8619 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab.
CVE-2019-8622 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero.
CVE-2019-8623 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero.
We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.
Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.
The WebKitGTK and WPE WebKit team, May 20, 2019
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-5-13-1 iOS 12.3
iOS 12.3 is now available and addresses the following:
AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931)
Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research
CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative
Disk Images Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University
Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero
Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team
Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero
Lock Screen Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: A logic issue was addressed with improved restrictions. CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of North Florida
Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero
Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero
MobileInstallation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931)
MobileLockdown Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931)
Photos Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8617: an anonymous researcher
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research
Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The lock screen may show a locked icon after unlocking Description: The issue was addressed with improved UI handling. CVE-2019-8630: Jon M. Morlan
StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931)
sysdiagnose Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)
WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team
WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt
Additional recognition
Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance.
MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance.
MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
Safari We would like to acknowledge Ben Guild (@benguild) for their assistance.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 12.3".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g 4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64= =fsAj -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0593",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "icloud",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.0"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.9.5"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.4"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1.1"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.12"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.5"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.2.1"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.14.4"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 10.4 (windows 10 18362.145 or later )"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.12 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.3 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.3 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.3 (ipod touch first 6 generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 12.9.5 (windows 7 or later )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1.1 (macos high sierra 10.13.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1.1 (macos mojave 10.14.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1.1 (macos sierra 10.12.6)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.3 (apple tv 4k)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.3 (apple tv hd)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.2.1 (apple watch series 1 or later )"
},
{
"model": "airmac base station",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "update 7.9.1 earlier"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.12 earlier"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 12.9.5 earlier"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.9.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.9.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.9.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.7.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.6.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.7.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.9"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.11"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.10"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.9.5"
},
{
"model": "icloud",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.12"
}
],
"sources": [
{
"db": "BID",
"id": "108497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004252"
},
{
"db": "NVD",
"id": "CVE-2019-8583"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "7.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "10.4",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "12.9.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.14.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8583"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152849"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "152845"
}
],
"trust": 0.6
},
"cve": "CVE-2019-8583",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-8583",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-160018",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-8583",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-8583",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-514",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160018",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-8583",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160018"
},
{
"db": "VULMON",
"id": "CVE-2019-8583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013445"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-514"
},
{
"db": "NVD",
"id": "CVE-2019-8583"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation * Arbitrary code execution * information leak * Service operation interruption (DoS). WebKit is prone to a information-disclosure and multiple memory-corruption vulnerabilities. \nSuccessful exploits may allow attackers to obtain sensitive information or execute arbitrary code in the context of the affected system. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. WebKit is one of the web browser engine components. A buffer error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Safari prior to 12.1.1; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based Versions prior to iTunes 12.9.5; versions prior to watchOS 5.2.1. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237)\nWebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601)\nAn out-of-bounds read was addressed with improved input validation. (CVE-2019-8644)\nA logic issue existed in the handling of synchronous page loads. (CVE-2019-8689)\nA logic issue existed in the handling of document loads. (CVE-2019-8719)\nThis fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766)\n\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768)\nAn issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)\nThis issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846)\nWebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018)\nA use-after-free flaw exists in WebKitGTK. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885)\nA race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901)\nAn input validation issue was addressed with improved input validation. (CVE-2020-3902). \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInstallation note:\n\nSafari 12.1.1 may be obtained from the Mac App Store. ------------------------------------------------------------------------\nWebKitGTK and WPE WebKit Security Advisory WSA-2019-0003\n------------------------------------------------------------------------\n\nDate reported : May 20, 2019\nAdvisory ID : WSA-2019-0003\nWebKitGTK Advisory URL : \nhttps://webkitgtk.org/security/WSA-2019-0003.html\nWPE WebKit Advisory URL : \nhttps://wpewebkit.org/security/WSA-2019-0003.html\nCVE identifiers : CVE-2019-6237, CVE-2019-8571, CVE-2019-8583,\n CVE-2019-8584, CVE-2019-8586, CVE-2019-8587,\n CVE-2019-8594, CVE-2019-8595, CVE-2019-8596,\n CVE-2019-8597, CVE-2019-8601, CVE-2019-8607,\n CVE-2019-8608, CVE-2019-8609, CVE-2019-8610,\n CVE-2019-8615, CVE-2019-8611, CVE-2019-8619,\n CVE-2019-8622, CVE-2019-8623. \n\nCVE-2019-6237\n Versions affected: WebKitGTK and WPE WebKit before 2.24.1. \n Credit to G. Geshev working with Trend Micro Zero Day Initiative,\n Liu Long of Qihoo 360 Vulcan Team. \n\nCVE-2019-8571\n Versions affected: WebKitGTK and WPE WebKit before 2.24.0. \n Credit to 01 working with Trend Micro\u0027s Zero Day Initiative. \n\nCVE-2019-8583\n Versions affected: WebKitGTK and WPE WebKit before 2.24.0. \n Credit to sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of\n Tencent Keen Lab, and dwfault working at ADLab of Venustech. \n\nCVE-2019-8584\n Versions affected: WebKitGTK and WPE WebKit before 2.24.1. \n Credit to G. Geshev of MWR Labs working with Trend Micro Zero Day\n Initiative. \n\nCVE-2019-8586\n Versions affected: WebKitGTK and WPE WebKit before 2.24.0. \n Credit to an anonymous researcher. \n\nCVE-2019-8587\n Versions affected: WebKitGTK and WPE WebKit before 2.24.1. \n Credit to G. Geshev working with Trend Micro Zero Day Initiative. \n\nCVE-2019-8594\n Versions affected: WebKitGTK and WPE WebKit before 2.24.0. \n Credit to Suyoung Lee and Sooel Son of KAIST Web Security \u0026 Privacy\n Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab. \n\nCVE-2019-8595\n Versions affected: WebKitGTK and WPE WebKit before 2.24.2. \n Credit to G. Geshev from MWR Labs working with Trend Micro Zero Day\n Initiative. \n\nCVE-2019-8596\n Versions affected: WebKitGTK and WPE WebKit before 2.24.1. \n Credit to Wen Xu of SSLab at Georgia Tech. \n\nCVE-2019-8597\n Versions affected: WebKitGTK and WPE WebKit before 2.24.1. \n Credit to 01 working with Trend Micro Zero Day Initiative. \n\nCVE-2019-8601\n Versions affected: WebKitGTK and WPE WebKit before 2.24.1. \n Credit to Fluoroacetate working with Trend Micro\u0027s Zero Day\n Initiative. \n\nCVE-2019-8607\n Versions affected: WebKitGTK and WPE WebKit before 2.24.2. \n Credit to Junho Jang and Hanul Choi of LINE Security Team. \n\nCVE-2019-8608\n Versions affected: WebKitGTK and WPE WebKit before 2.24.1. \n Credit to G. Geshev working with Trend Micro Zero Day Initiative. \n\nCVE-2019-8609\n Versions affected: WebKitGTK and WPE WebKit before 2.24.0. \n Credit to Wen Xu of SSLab, Georgia Tech. \n\nCVE-2019-8610\n Versions affected: WebKitGTK and WPE WebKit before 2.24.1. \n Credit to Anonymous working with Trend Micro Zero Day Initiative. \n\nCVE-2019-8615\n Versions affected: WebKitGTK and WPE WebKit before 2.24.2. \n Credit to G. Geshev from MWR Labs working with Trend Micro\u0027s Zero\n Day Initiative. \n\nCVE-2019-8611\n Versions affected: WebKitGTK and WPE WebKit before 2.24.0. \n Credit to Samuel Gro\\xdf of Google Project Zero. \n\nCVE-2019-8619\n Versions affected: WebKitGTK and WPE WebKit before 2.24.1. \n Credit to Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of\n Chaitin Security Research Lab. \n\nCVE-2019-8622\n Versions affected: WebKitGTK and WPE WebKit before 2.24.0. \n Credit to Samuel Gro\\xdf of Google Project Zero. \n\nCVE-2019-8623\n Versions affected: WebKitGTK and WPE WebKit before 2.24.0. \n Credit to Samuel Gro\\xdf of Google Project Zero. \n\n\nWe recommend updating to the latest stable versions of WebKitGTK and WPE\nWebKit. It is the best way to ensure that you are running safe versions\nof WebKit. Please check our websites for information about the latest\nstable releases. \n\nFurther information about WebKitGTK and WPE WebKit security advisories\ncan be found at: https://webkitgtk.org/security.html or\nhttps://wpewebkit.org/security/. \n\nThe WebKitGTK and WPE WebKit team,\nMay 20, 2019\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-5-13-1 iOS 12.3\n\niOS 12.3 is now available and addresses the following:\n\nAppleFileConduit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8593: Dany Lisiansky (@DanyL931)\n\nContacts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to read restricted memory\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8598: Omer Gull of Checkpoint Research\n\nCoreAudio\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted movie file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8585: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nDisk Images\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological\nUniversity\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8605: Ned Williamson working with Google Project Zero\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and\nHanul Choi of LINE Security Team\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2019-8591: Ned Williamson working with Google Project Zero\n\nLock Screen\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nsee the email address used for iTunes\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8599: Jeremy Pe\u00f1a-Lopez (aka Radio) of the University of\nNorth Florida\n\nMail\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8626: Natalie Silvanovich of Google Project Zero\n\nMail Message Framework\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8613: Natalie Silvanovich of Google Project Zero\n\nMobileInstallation\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2019-8568: Dany Lisiansky (@DanyL931)\n\nMobileLockdown\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to gain root privileges\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8637: Dany Lisiansky (@DanyL931)\n\nPhotos Storage\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2019-8617: an anonymous researcher\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to gain elevated privileges\nDescription: An input validation issue was addressed with improved\nmemory handling. \nCVE-2019-8577: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-8600: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to read restricted memory\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8598: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2019-8602: Omer Gull of Checkpoint Research\n\nStatus Bar\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: The lock screen may show a locked icon after unlocking\nDescription: The issue was addressed with improved UI handling. \nCVE-2019-8630: Jon M. Morlan\n\nStreamingZip\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2019-8568: Dany Lisiansky (@DanyL931)\n\nsysdiagnose\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-6237: G. Geshev from MWR Labs working with Trend Micro\u0027s\nZero Day Initiative\nCVE-2019-8619: Wen Xu of SSLab at Georgia Tech and\nHanqing Zhao of Chaitin Security Research Lab\nCVE-2019-8622: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8623: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8628: Wen Xu of SSLab at Georgia Tech and\nHanqing Zhao of Chaitin Security Research Lab\n\nWi-Fi\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A device may be passively tracked by its WiFi MAC address\nDescription: A user privacy issue was addressed by removing the\nbroadcast MAC address. \nCVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile\nNetworking Lab at Technische Universit\u00e4t Darmstadt\n\nAdditional recognition\n\nClang\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nCoreFoundation\nWe would like to acknowledge Vozzie and Rami and m4bln, Xiangqian\nZhang, Huiming Liu of Tencent\u0027s Xuanwu Lab for their assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero and\nan anonymous researcher for their assistance. \n\nMediaLibrary\nWe would like to acknowledge Angel Ramirez and Min (Spark) Zheng,\nXiaolong Bai of Alibaba Inc. for their assistance. \n\nMobileInstallation\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nSafari\nWe would like to acknowledge Ben Guild (@benguild) for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 12.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA\nhLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT\nY0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O\nz6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW\nctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK\nV5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK\ngwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g\n4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn\nQPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI\nOoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB\nuS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ\ncB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64=\n=fsAj\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004252"
},
{
"db": "BID",
"id": "108497"
},
{
"db": "VULHUB",
"id": "VHN-160018"
},
{
"db": "VULMON",
"id": "CVE-2019-8583"
},
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152849"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152983"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "152845"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-8583",
"trust": 3.6
},
{
"db": "JVN",
"id": "JVNVU98453159",
"trust": 1.6
},
{
"db": "BID",
"id": "108497",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU93988385",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95342995",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013445",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004252",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-514",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159375",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152849",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152983",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1697",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3399",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1849",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1922",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160018",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-8583",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152846",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152847",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153116",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152844",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152845",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160018"
},
{
"db": "VULMON",
"id": "CVE-2019-8583"
},
{
"db": "BID",
"id": "108497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004252"
},
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152849"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152983"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "152845"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-514"
},
{
"db": "NVD",
"id": "CVE-2019-8583"
}
]
},
"id": "VAR-201912-0593",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160018"
}
],
"trust": 0.48026314999999997
},
"last_update_date": "2024-07-23T20:08:16.158000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT210125",
"trust": 1.6,
"url": "https://support.apple.com/en-us/ht210125"
},
{
"title": "HT210124",
"trust": 1.6,
"url": "https://support.apple.com/en-us/ht210124"
},
{
"title": "HT210212",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210212"
},
{
"title": "HT210118",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210118"
},
{
"title": "HT210119",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210119"
},
{
"title": "HT210120",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210120"
},
{
"title": "HT210122",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210122"
},
{
"title": "HT210123",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210123"
},
{
"title": "HT210125",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210125"
},
{
"title": "HT210212",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210212"
},
{
"title": "HT210118",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210118"
},
{
"title": "HT210119",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210119"
},
{
"title": "HT210120",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210120"
},
{
"title": "HT210122",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210122"
},
{
"title": "HT210123",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210123"
},
{
"title": "HT210124",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht210124"
},
{
"title": "About the security content of AirPort Base Station Firmware Update 7.9.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht210090"
},
{
"title": "Multiple Apple product WebKit Fix for component buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92670"
},
{
"title": "Red Hat: Moderate: webkitgtk4 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204035 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204298 - security advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1563",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1563"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-8583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004252"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-514"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160018"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013445"
},
{
"db": "NVD",
"id": "CVE-2019-8583"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8583"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210118"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210119"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210120"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210122"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210123"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210124"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210125"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210212"
},
{
"trust": 1.6,
"url": "https://jvn.jp/vu/jvnvu98453159/"
},
{
"trust": 0.9,
"url": "https://www.apple.com/"
},
{
"trust": 0.9,
"url": "https://lists.apple.com/archives/security-announce/2019/may/msg00007.html"
},
{
"trust": 0.9,
"url": "https://lists.apple.com/archives/security-announce/2019/may/msg00006.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8583"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93988385/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95342995/"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/108497"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8601"
},
{
"trust": 0.7,
"url": "https://webkitgtk.org/security/wsa-2019-0003.html"
},
{
"trust": 0.7,
"url": "https://wpewebkit.org/security/wsa-2019-0003.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8587"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8595"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8607"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8584"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8596"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8586"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8597"
},
{
"trust": 0.6,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8571"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8594"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht210122"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191850-1.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht210125"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkit-multiple-vulnerabilities-29366"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159375/red-hat-security-advisory-2020-4035-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210123"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80842"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210125"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152849/apple-security-advisory-2019-5-13-5.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1849/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3399/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1922/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152983/webkitgtk-wpe-webkit-code-execution.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8610"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8598"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8602"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8608"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8577"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8600"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8609"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8560"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8576"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8611"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8591"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8585"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8568"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8574"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8623"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8622"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8605"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8593"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8615"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8628"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2019/may/25"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2020-1563.html"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8626"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8637"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht204283"
},
{
"trust": 0.1,
"url": "https://wpewebkit.org/security/."
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8592"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8590"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4456"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160018"
},
{
"db": "VULMON",
"id": "CVE-2019-8583"
},
{
"db": "BID",
"id": "108497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004252"
},
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152849"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152983"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "152845"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-514"
},
{
"db": "NVD",
"id": "CVE-2019-8583"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160018"
},
{
"db": "VULMON",
"id": "CVE-2019-8583"
},
{
"db": "BID",
"id": "108497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004252"
},
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152849"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152983"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "152845"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-514"
},
{
"db": "NVD",
"id": "CVE-2019-8583"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-160018"
},
{
"date": "2019-12-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-8583"
},
{
"date": "2019-05-28T00:00:00",
"db": "BID",
"id": "108497"
},
{
"date": "2020-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013445"
},
{
"date": "2019-05-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004252"
},
{
"date": "2019-05-14T00:28:51",
"db": "PACKETSTORM",
"id": "152846"
},
{
"date": "2019-05-14T00:29:10",
"db": "PACKETSTORM",
"id": "152847"
},
{
"date": "2019-05-14T00:30:08",
"db": "PACKETSTORM",
"id": "152849"
},
{
"date": "2019-05-29T13:23:53",
"db": "PACKETSTORM",
"id": "153116"
},
{
"date": "2019-05-21T23:07:14",
"db": "PACKETSTORM",
"id": "152983"
},
{
"date": "2019-05-14T00:27:53",
"db": "PACKETSTORM",
"id": "152844"
},
{
"date": "2019-05-14T00:28:29",
"db": "PACKETSTORM",
"id": "152845"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-514"
},
{
"date": "2019-12-18T18:15:27.147000",
"db": "NVD",
"id": "CVE-2019-8583"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-160018"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-8583"
},
{
"date": "2019-05-28T00:00:00",
"db": "BID",
"id": "108497"
},
{
"date": "2020-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013445"
},
{
"date": "2019-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004252"
},
{
"date": "2021-11-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-514"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-8583"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-514"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Memory corruption vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013445"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "152846"
},
{
"db": "PACKETSTORM",
"id": "152847"
},
{
"db": "PACKETSTORM",
"id": "152849"
},
{
"db": "PACKETSTORM",
"id": "153116"
},
{
"db": "PACKETSTORM",
"id": "152983"
},
{
"db": "PACKETSTORM",
"id": "152844"
},
{
"db": "PACKETSTORM",
"id": "152845"
}
],
"trust": 0.7
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.