cnvd - cnvd-2020-14268

cnvd-2020-14268

Vulnerability from cnvd

Title: Apple Safari InlineFlowBox远程代码执行漏洞

Description:

Apple Safari是苹果计算机的操作系统macOS中的浏览器，使用了KDE的KHTML作为浏览器的运算核心。

Apple Safari InlineFlowBox存在远程代码执行漏洞，该漏洞是由于在对对象执行操作之前缺乏验证对象的存在而导致的。攻击者可以利用此漏洞在当前进程的上下文中执行代码。

Severity: 中

Patch Name: Apple Safari InlineFlowBox远程代码执行漏洞的补丁

Patch Description:

Apple Safari是苹果计算机的操作系统macOS中的浏览器，使用了KDE的KHTML作为浏览器的运算核心。

Apple Safari InlineFlowBox存在远程代码执行漏洞，该漏洞是由于在对对象执行操作之前缺乏验证对象的存在而导致的。攻击者可以利用此漏洞在当前进程的上下文中执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁已修复漏洞，补丁获取链接： https：//support.apple.com/en-us/HT210348

Reference: https://www.zerodayinitiative.com/advisories/ZDI-19-684/

Impacted products

Name
['Apple macOS Mojave <10.14.6', 'Apple iOS <12.4', 'Apple tvOS <12.4', 'Apple Safari <12.1.2', 'Apple iTunes for Windows <12.9.6', 'Apple iCloud for Windows <7.13', 'Apple iCloud for Windows <10.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-8681",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-8681"
    }
  },
  "description": "Apple Safari\u662f\u82f9\u679c\u8ba1\u7b97\u673a\u7684\u64cd\u4f5c\u7cfb\u7edfmacOS\u4e2d\u7684\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528\u4e86KDE\u7684KHTML\u4f5c\u4e3a\u6d4f\u89c8\u5668\u7684\u8fd0\u7b97\u6838\u5fc3\u3002\n\nApple Safari InlineFlowBox\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5728\u5bf9\u5bf9\u8c61\u6267\u884c\u64cd\u4f5c\u4e4b\u524d\u7f3a\u4e4f\u9a8c\u8bc1\u5bf9\u8c61\u7684\u5b58\u5728\u800c\u5bfc\u81f4\u7684\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u5df2\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps\uff1a//support.apple.com/en-us/HT210348",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-14268",
  "openTime": "2020-02-24",
  "patchDescription": "Apple Safari\u662f\u82f9\u679c\u8ba1\u7b97\u673a\u7684\u64cd\u4f5c\u7cfb\u7edfmacOS\u4e2d\u7684\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528\u4e86KDE\u7684KHTML\u4f5c\u4e3a\u6d4f\u89c8\u5668\u7684\u8fd0\u7b97\u6838\u5fc3\u3002\r\n\r\nApple Safari InlineFlowBox\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5728\u5bf9\u5bf9\u8c61\u6267\u884c\u64cd\u4f5c\u4e4b\u524d\u7f3a\u4e4f\u9a8c\u8bc1\u5bf9\u8c61\u7684\u5b58\u5728\u800c\u5bfc\u81f4\u7684\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple Safari InlineFlowBox\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple macOS Mojave \u003c10.14.6",
      "Apple iOS \u003c12.4",
      "Apple tvOS \u003c12.4",
      "Apple Safari \u003c12.1.2",
      "Apple iTunes for Windows \u003c12.9.6",
      "Apple iCloud for Windows \u003c7.13",
      "Apple iCloud for Windows \u003c10.6"
    ]
  },
  "referenceLink": "https://www.zerodayinitiative.com/advisories/ZDI-19-684/",
  "serverity": "\u4e2d",
  "submitTime": "2019-07-30",
  "title": "Apple Safari InlineFlowBox\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2019-8681 (GCVE-0-2019-8681)

Vulnerability from cvelistv5

Published

2019-12-18 17:33

Modified

2024-08-04 21:24

Severity ?

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Summary

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

References

▼	URL	Tags
	https://support.apple.com/HT210346	x_refsource_MISC
	https://support.apple.com/HT210348	x_refsource_MISC
	https://support.apple.com/HT210351	x_refsource_MISC
	https://support.apple.com/HT210355	x_refsource_MISC
	https://support.apple.com/HT210356	x_refsource_MISC
	https://support.apple.com/HT210357	x_refsource_MISC
	https://support.apple.com/HT210358	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Apple

iOS

Version: unspecified < iOS 12.4

Apple	macOS	Version: unspecified < macOS Mojave 10.14.6
Apple	tvOS	Version: unspecified < tvOS 12.4
Apple	Safari	Version: unspecified < Safari 12.1.2
Apple	iTunes for Windows	Version: unspecified < iTunes for Windows 12.9.6
Apple	iCloud for Windows	Version: unspecified < iCloud for Windows 7.13
Apple	iCloud for Windows (Microsoft Store)	Version: unspecified < iCloud for Windows 10.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:24:29.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210346"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210348"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210351"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210355"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210356"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210357"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210358"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 12.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "macOS Mojave 10.14.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "tvOS 12.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "Safari 12.1.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iTunes for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iTunes for Windows 12.9.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 7.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows (Microsoft Store)",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 10.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:33:21",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210346"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210348"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210351"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210355"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210356"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210357"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210358"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 12.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "macOS Mojave 10.14.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "tvOS 12.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Safari",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "Safari 12.1.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iTunes for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iTunes for Windows 12.9.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 7.13"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows (Microsoft Store)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 10.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210346",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210346"
            },
            {
              "name": "https://support.apple.com/HT210348",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210348"
            },
            {
              "name": "https://support.apple.com/HT210351",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210351"
            },
            {
              "name": "https://support.apple.com/HT210355",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210355"
            },
            {
              "name": "https://support.apple.com/HT210356",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210356"
            },
            {
              "name": "https://support.apple.com/HT210357",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210357"
            },
            {
              "name": "https://support.apple.com/HT210358",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210358"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8681",
    "datePublished": "2019-12-18T17:33:21",
    "dateReserved": "2019-02-18T00:00:00",
    "dateUpdated": "2024-08-04T21:24:29.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted