cnvd-2019-36613
Vulnerability from cnvd
Title
Apple macOS Catalina信息泄露漏洞
Description
Apple macOS Catalina是美国苹果(Apple)公司的一套专为Mac计算机所开发的专用操作系统。PDFKit是其中的一个PDF文档生成组件。
Apple macOS Catalina 10.15之前版本的PDFKit组件中对加密PDFs中链接的处理存在安全漏洞。攻击者可利用该漏洞泄露加密的PDF内容。
Severity
中
VLAI Severity ?
Patch Name
Apple macOS Catalina信息泄露漏洞的补丁
Patch Description
Apple macOS Catalina是美国苹果(Apple)公司的一套专为Mac计算机所开发的专用操作系统。PDFKit是其中的一个PDF文档生成组件。
Apple macOS Catalina 10.15之前版本的PDFKit组件中对加密PDFs中链接的处理存在安全漏洞。攻击者可利用该漏洞泄露加密的PDF内容。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://support.apple.com/zh-cn/HT210634
Reference
https://support.apple.com/zh-cn/HT210634
Impacted products
| Name | Apple macOS Catalina <10.15 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-8772",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-8772"
}
},
"description": "Apple macOS Catalina\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002PDFKit\u662f\u5176\u4e2d\u7684\u4e00\u4e2aPDF\u6587\u6863\u751f\u6210\u7ec4\u4ef6\u3002\n\nApple macOS Catalina 10.15\u4e4b\u524d\u7248\u672c\u7684PDFKit\u7ec4\u4ef6\u4e2d\u5bf9\u52a0\u5bc6PDFs\u4e2d\u94fe\u63a5\u7684\u5904\u7406\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u52a0\u5bc6\u7684PDF\u5185\u5bb9\u3002",
"discovererName": "Jens M\u00fcller of Ruhr University Bochum, Fabian Ising of FH M\u00fcnster University of Applied Sciences, Vladislav Mladenov of Ruhr University Bochum, Christian Mainka of Ruhr University Bochum, Sebastian Schinzel of FH M\u00fcnster University of Applied Sciences, and J\u00f6rg Schwenk of Ruhr University Bochum",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT210634",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-36613",
"openTime": "2019-10-22",
"patchDescription": "Apple macOS Catalina\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002PDFKit\u662f\u5176\u4e2d\u7684\u4e00\u4e2aPDF\u6587\u6863\u751f\u6210\u7ec4\u4ef6\u3002\r\n\r\nApple macOS Catalina 10.15\u4e4b\u524d\u7248\u672c\u7684PDFKit\u7ec4\u4ef6\u4e2d\u5bf9\u52a0\u5bc6PDFs\u4e2d\u94fe\u63a5\u7684\u5904\u7406\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u52a0\u5bc6\u7684PDF\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple macOS Catalina\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apple macOS Catalina \u003c10.15"
},
"referenceLink": "https://support.apple.com/zh-cn/HT210634",
"serverity": "\u4e2d",
"submitTime": "2019-10-21",
"title": "Apple macOS Catalina\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…