CVE-2019-8604 (GCVE-0-2019-8604)
Vulnerability from cvelistv5
- An application may be able to execute arbitrary code with system privileges
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:24:28.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/HT210119" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "macOS Mojave 10.14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to execute arbitrary code with system privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-18T17:33:18", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/HT210119" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-8604", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "macOS Mojave 10.14.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with system privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/HT210119", "refsource": "MISC", "url": "https://support.apple.com/HT210119" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2019-8604", "datePublished": "2019-12-18T17:33:18", "dateReserved": "2019-02-18T00:00:00", "dateUpdated": "2024-08-04T21:24:28.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-8604\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-12-18T18:15:28.770\",\"lastModified\":\"2024-11-21T04:50:09.463\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.\"},{\"lang\":\"es\",\"value\":\"Un problema de corrupci\u00f3n de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en macOS Mojave versi\u00f3n 10.14.5. 
Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios system.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.14.5\",\"matchCriteriaId\":\"D6E2DF4C-D103-4762-8CF1-6EDCE088FB1A\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT210119\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210119\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
gsd-2019-8604
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2019-8604", "description": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.", "id": "GSD-2019-8604" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-8604" ], "details": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.", "id": "GSD-2019-8604", "modified": "2023-12-13T01:23:48.640613Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-8604", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "macOS Mojave 10.14.5" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to execute arbitrary code with system privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/HT210119", "refsource": "MISC", "url": "https://support.apple.com/HT210119" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.14.5", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-8604" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/HT210119", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT210119" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 6.0 } }, "lastModifiedDate": "2019-12-20T18:47Z", "publishedDate": "2019-12-18T18:15Z" } } }
CERTFR-2019-AVI-204
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Apple products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Apple | N/A | watchOS versions earlier than 5.2.1
Apple | macOS | macOS Mojave 10.14.4, macOS Sierra 10.12.6 and macOS High Sierra 10.13.6 without the security fix Security Update 2019-003
Apple | N/A | iOS versions earlier than 12.3
Apple | N/A | tvOS versions earlier than 12.3
Apple | N/A | Apple TV Software versions earlier than 7.3
Apple | Safari | Safari versions earlier than 12.1.1
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "watchOS versions ant\u00e9rieures \u00e0 5.2.1", "product": { "name": "N/A", "vendor": { "name": "Apple", "scada": false } } }, { "description": "macOS Mojave 10.14.4, macOS Sierra 10.12.6 et macOS High Sierra 10.13.6 sans le correctif de s\u00e9curit\u00e9 Security Update 2019-003", "product": { "name": "macOS", "vendor": { "name": "Apple", "scada": false } } }, { "description": "iOS versions ant\u00e9rieures \u00e0 12.3", "product": { "name": "N/A", "vendor": { "name": "Apple", "scada": false } } }, { "description": "tvOS versions ant\u00e9rieures \u00e0 12.3", "product": { "name": "N/A", "vendor": { "name": "Apple", "scada": false } } }, { "description": "Apple TV Software versions ant\u00e9rieures \u00e0 7.3", "product": { "name": "N/A", "vendor": { "name": "Apple", "scada": false } } }, { "description": "Safari versions ant\u00e9rieures \u00e0 12.1.1", "product": { "name": "Safari", "vendor": { "name": "Apple", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2019-8620", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8620" }, { "name": "CVE-2019-8596", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8596" }, { "name": "CVE-2019-8634", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8634" }, { "name": "CVE-2019-8595", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8595" }, { "name": "CVE-2019-8615", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8615" }, { "name": "CVE-2019-8590", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8590" }, { "name": "CVE-2019-8574", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8574" }, { "name": "CVE-2019-8609", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8609" }, { "name": "CVE-2018-4456", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4456" }, { "name": "CVE-2019-8613", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8613" }, { "name": "CVE-2019-8591", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8591" }, { "name": "CVE-2019-8626", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8626" }, { "name": "CVE-2019-8576", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8576" }, { "name": "CVE-2019-8571", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8571" }, { "name": "CVE-2019-8577", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8577" }, { "name": "CVE-2019-8600", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8600" }, { "name": "CVE-2019-8635", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8635" }, { "name": "CVE-2019-8608", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8608" }, { "name": "CVE-2017-9417", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9417" }, { "name": "CVE-2019-8602", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8602" }, { "name": "CVE-2017-14315", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14315" }, { "name": "CVE-2019-8593", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8593" }, { "name": "CVE-2019-8569", "url": 
"https://www.cve.org/CVERecord?id=CVE-2019-8569" }, { "name": "CVE-2019-6237", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6237" }, { "name": "CVE-2019-8599", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8599" }, { "name": "CVE-2019-8597", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8597" }, { "name": "CVE-2019-8611", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8611" }, { "name": "CVE-2019-8623", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8623" }, { "name": "CVE-2019-8629", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8629" }, { "name": "CVE-2019-8622", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8622" }, { "name": "CVE-2019-8637", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8637" }, { "name": "CVE-2019-8560", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8560" }, { "name": "CVE-2019-8617", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8617" }, { "name": "CVE-2019-8630", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8630" }, { "name": "CVE-2019-8585", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8585" }, { "name": "CVE-2019-8605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8605" }, { "name": "CVE-2019-8604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8604" }, { "name": "CVE-2019-8589", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8589" }, { "name": "CVE-2019-8587", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8587" }, { "name": "CVE-2019-8592", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8592" }, { "name": "CVE-2019-8619", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8619" }, { "name": "CVE-2019-8610", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8610" }, { "name": "CVE-2019-8628", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8628" }, { "name": "CVE-2019-8601", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8601" }, { "name": "CVE-2019-8583", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8583" }, { "name": "CVE-2019-8606", "url": 
"https://www.cve.org/CVERecord?id=CVE-2019-8606" }, { "name": "CVE-2019-8603", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8603" }, { "name": "CVE-2019-8616", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8616" }, { "name": "CVE-2019-8586", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8586" }, { "name": "CVE-2019-8594", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8594" }, { "name": "CVE-2017-6975", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6975" }, { "name": "CVE-2019-8568", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8568" }, { "name": "CVE-2019-8607", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8607" }, { "name": "CVE-2019-8598", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8598" }, { "name": "CVE-2019-8584", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8584" } ], "initial_release_date": "2019-05-14T00:00:00", "last_revision_date": "2019-05-14T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-204", "revisions": [ { "description": "Version initiale", "revision_date": "2019-05-14T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de 
s\u00e9curit\u00e9 Apple HT210122 du 13 mai 2019", "url": "https://support.apple.com/en-us/HT210122" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210123 du 13 mai 2019", "url": "https://support.apple.com/en-us/HT210123" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210120 du 13 mai 2019", "url": "https://support.apple.com/en-us/HT210120" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210118 du 13 mai 2019", "url": "https://support.apple.com/en-us/HT210118" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210119 du 13 mai 2019", "url": "https://support.apple.com/en-us/HT210119" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210121 du 13 mai 2019", "url": "https://support.apple.com/en-us/HT210121" } ] }
fkie_cve-2019-8604
Vulnerability from fkie_nvd
Source | URL | Tags
---|---|---
product-security@apple.com | https://support.apple.com/HT210119 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT210119 | Vendor Advisory
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6E2DF4C-D103-4762-8CF1-6EDCE088FB1A", "versionEndExcluding": "10.14.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges." }, { "lang": "es", "value": "Un problema de corrupci\u00f3n de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en macOS Mojave versi\u00f3n 10.14.5. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios system." } ], "id": "CVE-2019-8604", "lastModified": "2024-11-21T04:50:09.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-12-18T18:15:28.770", "references": [ { "source": 
"product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT210119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT210119" } ], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
var-201912-0612
Vulnerability from variot
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.
Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following:
- Insufficient access restrictions
- Privilege escalation
- Service operation interruption (DoS)
- Sandbox avoidance
- Information falsification
- Information leak
- Arbitrary code execution
This vulnerability allows remote attackers to escape the sandbox on affected installations of Apple Safari. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the securityd service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the current user.
Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Security is one of its security components. A buffer error vulnerability exists in the Security component of Apple macOS Mojave prior to 10.14.5. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra
macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra are now available and address the following:

Accessibility Framework
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2019-8603: Phoenhex and qwerty (@niklasb, @qwertyoruiopz, @bkth) working with Trend Micro's Zero Day Initiative

AMD
Available for: macOS Mojave 10.14.4
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2019-8635: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team working with Trend Micro's Zero Day Initiative

Application Firewall
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2019-8590: The UK's National Cyber Security Centre (NCSC)

CoreAudio
Available for: macOS Sierra 10.12.6
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved error handling.
CVE-2019-8592: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

CoreAudio
Available for: macOS Mojave 10.14.4
Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

DesktopServices
Available for: macOS Mojave 10.14.4
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2019-8589: Andreas Clementi, Stefan Haselwanter, and Peter Stelzhammer of AV-Comparatives

Disk Images
Available for: macOS Sierra 10.12.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University

Disk Images
Available for: macOS Mojave 10.14.4
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University

EFI
Available for: macOS Mojave 10.14.4
Impact: A user may be unexpectedly logged in to another user's account
Description: An authentication issue was addressed with improved state management.
CVE-2019-8634: Jenny Sprenger and Maik Hoepfel

Intel Graphics Driver
Available for: macOS Mojave 10.14.4
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2019-8616: Lilang Wu and Moony Li of Trend Micro Mobile Security Research Team working with Trend Micro's Zero Day Initiative

Intel Graphics Driver
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2018-4456: Tyler Bohan of Cisco Talos

IOKit
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4
Impact: A local user may be able to load unsigned kernel extensions
Description: A validation issue existed in the handling of symlinks.
CVE-2019-8606: Phoenhex and qwerty (@niklasb, @qwertyoruiopz, @bkth) working with Trend Micro's Zero Day Initiative

Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero

Kernel
Available for: macOS Mojave 10.14.4
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-8576: Brandon Azad of Google Project Zero, Junho Jang and Hanul Choi of LINE Security Team

Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4
Impact: An application may be able to cause unexpected system termination or write kernel memory
Description: A type confusion issue was addressed with improved memory handling.
CVE-2019-8591: Ned Williamson working with Google Project Zero

Security
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2019-8604: Fluoroacetate working with Trend Micro's Zero Day Initiative

SQLite
Available for: macOS Mojave 10.14.4
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research

SQLite
Available for: macOS Mojave 10.14.4
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-8600: Omer Gull of Checkpoint Research

SQLite
Available for: macOS Mojave 10.14.4
Impact: A malicious application may be able to read restricted memory
Description: An input validation issue was addressed with improved input validation.
CVE-2019-8598: Omer Gull of Checkpoint Research

SQLite
Available for: macOS Mojave 10.14.4
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2019-8602: Omer Gull of Checkpoint Research

StreamingZip
Available for: macOS Mojave 10.14.4
Impact: A local user may be able to modify protected parts of the file system
Description: A validation issue existed in the handling of symlinks.
CVE-2019-8569: Viktor Oreshkin (@stek29)

WebKit
Available for: macOS Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team
CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative
CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech
CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative
CVE-2019-8586: an anonymous researcher
CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab
CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative
CVE-2019-8596: Wen Xu of SSLab at Georgia Tech
CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative
CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative
CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8609: Wen Xu of SSLab, Georgia Tech
CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative
CVE-2019-8611: Samuel Groß of Google Project Zero
CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative
CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
CVE-2019-8622: Samuel Groß of Google Project Zero
CVE-2019-8623: Samuel Groß of Google Project Zero
CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab

WebKit
Available for: macOS Mojave 10.14.4
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team

Additional recognition

CoreFoundation
We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance.

Kernel
We would like to acknowledge an anonymous researcher for their assistance.

PackageKit
We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.

Safari
We would like to acknowledge Michael Ball of Gradescope by Turnitin for their assistance.

System Preferences
We would like to acknowledge an anonymous researcher for their assistance.

Installation note:
macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0612", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.14.5" }, { "model": "tv software", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7.3 earlier" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", 
"version": "12.3 earlier" }, { "model": "macos high sierra", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "(security update 2019-003 not applied )" }, { "model": "macos mojave", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.14.5 earlier" }, { "model": "macos sierra", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "(security update 2019-003 not applied )" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.1.1 earlier" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7.3 earlier" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "5.2.1 earlier" }, { "model": "macos", "scope": null, "trust": 0.7, "vendor": "apple", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-766" }, { "db": "JVNDB", "id": "JVNDB-2019-003317" }, { "db": "NVD", "id": "CVE-2019-8604" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apple:apple_tv_software", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_high_sierra", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_mojave", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_sierra", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:safari", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:apple_tv", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:watchos", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003317" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "fluoroacetate (@fluoroacetate)", "sources": [ { "db": "ZDI", "id": "ZDI-19-766" } ], "trust": 0.7 }, "cve": "CVE-2019-8604", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2019-8604", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-160039", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.0, "id": "CVE-2019-8604", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", 
"trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.5, "id": "CVE-2019-8604", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-8604", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2019-8604", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201905-467", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-160039", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-8604", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-766" }, { "db": "VULHUB", "id": "VHN-160039" }, { "db": "VULMON", "id": "CVE-2019-8604" }, { "db": "CNNVD", "id": "CNNVD-201905-467" }, { "db": "NVD", "id": "CVE-2019-8604" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution. 
This vulnerability allows remote attackers to escape the sandbox on affected installations of Apple Safari. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the securityd service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the current user. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Security is one of the security components. A buffer error vulnerability exists in the Security component of Apple macOS Mojave prior to 10.14.5. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update\n2019-003 High Sierra, Security Update 2019-003 Sierra\n\nmacOS Mojave 10.14.5, Security Update 2019-003 High Sierra,\nSecurity Update 2019-003 Sierra are now available and\naddresses the following:\n\nAccessibility Framework\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.4\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. 
\nCVE-2019-8603: Phoenhex and qwerty (@_niklasb, @qwertyoruiopz,\n@bkth_) working with Trend Micro\u0027s Zero Day Initiative\n\nAMD\nAvailable for: macOS Mojave 10.14.4\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8635: Lilang Wu and Moony Li of TrendMicro Mobile Security\nResearch Team working with Trend Micro\u0027s Zero Day Initiative\n\nApplication Firewall\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.4\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8590: The UK\u0027s National Cyber Security Centre (NCSC)\n\nCoreAudio\nAvailable for: macOS Sierra 10.12.6\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nerror handling. \nCVE-2019-8592: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nCoreAudio\nAvailable for: macOS Mojave 10.14.4\nImpact: Processing a maliciously crafted movie file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8585: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nDesktopServices\nAvailable for: macOS Mojave 10.14.4\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks. \nCVE-2019-8589: Andreas Clementi, Stefan Haselwanter, and Peter\nStelzhammer of AV-Comparatives\n\nDisk Images\nAvailable for: macOS Sierra 10.12.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. 
\nCVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological\nUniversity\n\nDisk Images\nAvailable for: macOS Mojave 10.14.4\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological\nUniversity\n\nEFI\nAvailable for: macOS Mojave 10.14.4\nImpact: A user may be unexpectedly logged in to another user\u0027s\naccount\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2019-8634: Jenny Sprenger and Maik Hoepfel\n\nIntel Graphics Driver\nAvailable for: macOS Mojave 10.14.4\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8616: Lilang Wu and Moony Li of Trend Micro Mobile Security\nResearch Team working with Trend Micro\u0027s Zero Day Initiative\n\nIntel Graphics Driver\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.4\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2018-4456: Tyler Bohan of Cisco Talos\n\nIOKit\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.4\nImpact: A local user may be able to load unsigned kernel extensions\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2019-8606: Phoenhex and qwerty (@_niklasb, @qwertyoruiopz,\n@bkth_) working with Trend Micro\u0027s Zero Day Initiative\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.4\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A use after free issue was addressed with improved\nmemory management. 
\nCVE-2019-8605: Ned Williamson working with Google Project Zero\n\nKernel\nAvailable for: macOS Mojave 10.14.4\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and\nHanul Choi of LINE Security Team\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.4\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2019-8591: Ned Williamson working with Google Project Zero\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.4\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8604: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative\n\nSQLite\nAvailable for: macOS Mojave 10.14.4\nImpact: An application may be able to gain elevated privileges\nDescription: An input validation issue was addressed with improved\nmemory handling. \nCVE-2019-8577: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: macOS Mojave 10.14.4\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-8600: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: macOS Mojave 10.14.4\nImpact: A malicious application may be able to read restricted memory\nDescription: An input validation issue was addressed with improved\ninput validation. 
\nCVE-2019-8598: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: macOS Mojave 10.14.4\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2019-8602: Omer Gull of Checkpoint Research\n\nStreamingZip\nAvailable for: macOS Mojave 10.14.4\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2019-8569: Viktor Oreshkin (@stek29)\n\nWebKit\nAvailable for: macOS Mojave 10.14.4\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-6237: G. Geshev working with Trend Micro Zero Day\nInitiative, Liu Long of Qihoo 360 Vulcan Team\nCVE-2019-8571: 01 working with Trend Micro\u0027s Zero Day Initiative\nCVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_)\nof Tencent Keen Lab, and dwfault working at ADLab of Venustech\nCVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero\nDay Initiative\nCVE-2019-8586: an anonymous researcher\nCVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative\nCVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security \u0026\nPrivacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab\nCVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero\nDay Initiative\nCVE-2019-8596: Wen Xu of SSLab at Georgia Tech\nCVE-2019-8597: 01 working with Trend Micro Zero Day Initiative\nCVE-2019-8601: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative\nCVE-2019-8609: Wen Xu of SSLab, Georgia Tech\nCVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative\nCVE-2019-8611: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8615: G. 
Geshev from MWR Labs working with Trend Micro\u0027s\nZero Day Initiative\nCVE-2019-8619: Wen Xu of SSLab at Georgia Tech and\nHanqing Zhao of Chaitin Security Research Lab\nCVE-2019-8622: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8623: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8628: Wen Xu of SSLab at Georgia Tech and\nHanqing Zhao of Chaitin Security Research Lab\n\nWebKit\nAvailable for: macOS Mojave 10.14.4\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team\n\nAdditional recognition\n\nCoreFoundation\nWe would like to acknowledge Vozzie and Rami and m4bln, Xiangqian\nZhang, Huiming Liu of Tencent\u0027s Xuanwu Lab for their assistance. \n\nKernel\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nPackageKit\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\nSafari\nWe would like to acknowledge Michael Ball of Gradescope by Turnitin\nfor their assistance. \n\nSystem Preferences\nWe would like to acknowledge an anonymous researcher for their\nassistance. 
\n\nInstallation note:\n\nmacOS Mojave 10.14.5, Security Update 2019-003 High Sierra,\nSecurity Update 2019-003 Sierra may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n", "sources": [ { "db": "NVD", "id": "CVE-2019-8604" }, { "db": "JVNDB", "id": "JVNDB-2019-003317" }, { "db": "ZDI", "id": "ZDI-19-766" }, { "db": "VULHUB", "id": "VHN-160039" }, { "db": "VULMON", "id": "CVE-2019-8604" }, { "db": "PACKETSTORM", "id": "152845" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-8604", "trust": 3.4 }, { "db": 
"ZDI", "id": "ZDI-19-766", "trust": 1.3 }, { "db": "JVN", "id": "JVNVU93988385", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-003317", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8360", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201905-467", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "152845", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1695", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-160039", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-8604", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-766" }, { "db": "VULHUB", "id": "VHN-160039" }, { "db": "VULMON", "id": "CVE-2019-8604" }, { "db": "JVNDB", "id": "JVNDB-2019-003317" }, { "db": "PACKETSTORM", "id": "152845" }, { "db": "CNNVD", "id": "CNNVD-201905-467" }, { "db": "NVD", "id": "CVE-2019-8604" } ] }, "id": "VAR-201912-0612", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-160039" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T19:59:00.246000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "About the security content of macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra", "trust": 1.5, "url": "https://support.apple.com/en-us/HT210119" }, { "title": "About the security content of iOS 12.3", "trust": 0.8, "url": "https://support.apple.com/en-us/HT210118" }, { "title": "About the security content of Safari 12.1.1", "trust": 0.8, "url": "https://support.apple.com/en-us/HT210123" }, { "title": "About the security content of Apple TV Software 7.3", "trust": 0.8, "url": "https://support.apple.com/en-us/HT210121" }, { "title": "About the security content of 
tvOS 12.3", "trust": 0.8, "url": "https://support.apple.com/en-us/HT210120" }, { "title": "About the security content of watchOS 5.2.1", "trust": 0.8, "url": "https://support.apple.com/en-us/HT210122" }, { "title": "Apple macOS Mojave Security Fix for component buffer error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92623" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-766" }, { "db": "JVNDB", "id": "JVNDB-2019-003317" }, { "db": "CNNVD", "id": "CNNVD-201905-467" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160039" }, { "db": "NVD", "id": "CVE-2019-8604" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://support.apple.com/ht210119" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8604" }, { "trust": 1.3, "url": "https://support.apple.com/en-us/ht210119" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8590" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8591" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8560" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8568" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8574" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8603" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8576" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8585" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8589" }, { 
"trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8634" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8576" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8604" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8637" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8635" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8585" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8606" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8622" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8589" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8616" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8613" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8590" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8617" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8620" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8611" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8591" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8626" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8610" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8560" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8593" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8629" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8609" }, { "trust": 0.8, "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8568" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8599" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8630" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8574" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8603" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93988385/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8622" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8617" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8613" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8620" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8611" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8593" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8626" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8610" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8599" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8629" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8609" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8630" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8634" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8606" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8635" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8637" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8616" }, { "trust": 0.6, "url": "https://support.apple.com/en-au/ht210119" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/80826" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-766/" }, { "trust": 0.6, 
"url": "https://packetstormsecurity.com/files/152845/apple-security-advisory-2019-5-13-2.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://seclists.org/fulldisclosure/2019/may/20" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8587" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8598" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8592" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8584" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8601" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8583" }, { "trust": 0.1, "url": "https://support.apple.com/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8596" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8602" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8597" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8577" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8571" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8600" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8594" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-766" }, { "db": "VULHUB", "id": "VHN-160039" }, { "db": "VULMON", "id": "CVE-2019-8604" }, { "db": 
"JVNDB", "id": "JVNDB-2019-003317" }, { "db": "PACKETSTORM", "id": "152845" }, { "db": "CNNVD", "id": "CNNVD-201905-467" }, { "db": "NVD", "id": "CVE-2019-8604" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-19-766" }, { "db": "VULHUB", "id": "VHN-160039" }, { "db": "VULMON", "id": "CVE-2019-8604" }, { "db": "JVNDB", "id": "JVNDB-2019-003317" }, { "db": "PACKETSTORM", "id": "152845" }, { "db": "CNNVD", "id": "CNNVD-201905-467" }, { "db": "NVD", "id": "CVE-2019-8604" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-27T00:00:00", "db": "ZDI", "id": "ZDI-19-766" }, { "date": "2019-12-18T00:00:00", "db": "VULHUB", "id": "VHN-160039" }, { "date": "2019-12-18T00:00:00", "db": "VULMON", "id": "CVE-2019-8604" }, { "date": "2019-05-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003317" }, { "date": "2019-05-14T00:28:29", "db": "PACKETSTORM", "id": "152845" }, { "date": "2019-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-467" }, { "date": "2019-12-18T18:15:28.770000", "db": "NVD", "id": "CVE-2019-8604" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-27T00:00:00", "db": "ZDI", "id": "ZDI-19-766" }, { "date": "2019-12-20T00:00:00", "db": "VULHUB", "id": "VHN-160039" }, { "date": "2019-12-20T00:00:00", "db": "VULMON", "id": "CVE-2019-8604" }, { "date": "2020-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003317" }, { "date": "2021-10-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-467" }, { "date": "2024-11-21T04:50:09.463000", "db": "NVD", "id": "CVE-2019-8604" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-467" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple Updates to product vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003317" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-467" } ], "trust": 0.6 } }
ghsa-j772-q898-qr4w
Vulnerability from github
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.
{ "affected": [], "aliases": [ "CVE-2019-8604" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-12-18T18:15:00Z", "severity": "HIGH" }, "details": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.", "id": "GHSA-j772-q898-qr4w", "modified": "2022-05-24T17:04:18Z", "published": "2022-05-24T17:04:18Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8604" }, { "type": "WEB", "url": "https://support.apple.com/HT210119" } ], "schema_version": "1.4.0", "severity": [] }
cnvd-2020-04519
Vulnerability from cnvd
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: https://support.apple.com/zh-cn/HT210119
Name | Apple Apple macOS Mojave 10.14.5 |
---|---|
{ "cves": { "cve": { "cveNumber": "CVE-2019-8604", "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-8604" } }, "description": "Apple macOS Mojave\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Security\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5b89\u5168\u7ec4\u4ef6\u3002\n\nApple macOS Mojave\u4e2d\u7684Security\u7ec4\u4ef6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT210119", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2020-04519", "openTime": "2020-02-10", "patchDescription": "Apple macOS Mojave\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Security\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5b89\u5168\u7ec4\u4ef6\u3002\r\n\r\nApple macOS 
Mojave\u4e2d\u7684Security\u7ec4\u4ef6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Apple macOS Mojave Security\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": "Apple Apple macOS Mojave 10.14.5" }, "referenceLink": "https://www.zerodayinitiative.com/advisories/ZDI-19-766/", "serverity": "\u9ad8", "submitTime": "2019-08-28", "title": "Apple macOS Mojave Security\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e" }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.