var-201912-0610
Vulnerability from variot
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges. plural Apple The product contains a memory corruption vulnerability because it contains vulnerable code.An attacker may be able to elevate privileges through a maliciously crafted application. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation * Arbitrary code execution * information leak * Service operation interruption (DoS). SQLite is prone to the following security vulnerabilities. 1. Multiple privilege-escalation vulnerabilities 2. A memory corruption vulnerability 3. An information-disclosure vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the affected application, disclose sensitive information, elevate privileges, and perform unauthorized actions. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp. A buffer error vulnerability exists in the SQLite component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; versions earlier than watchOS 5.2.1.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-5-13-1 iOS 12.3
iOS 12.3 is now available and addresses the following:
AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931)
Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research
CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative
Disk Images Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University
Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero
Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team
Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero
Lock Screen Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: A logic issue was addressed with improved restrictions. CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of North Florida
Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero
Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero
MobileInstallation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931)
MobileLockdown Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931)
Photos Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8617: an anonymous researcher
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research
SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research
Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The lock screen may show a locked icon after unlocking Description: The issue was addressed with improved UI handling. CVE-2019-8630: Jon M. Morlan
StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931)
sysdiagnose Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)
WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team
WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt
Additional recognition
Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance.
MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance.
MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
Safari We would like to acknowledge Ben Guild (@benguild) for their assistance.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 12.3".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g 4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64= =fsAj -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0610", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "itunes", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.9.5" }, { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.4" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.14.5" }, { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.3" }, { "model": "icloud", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "10.0" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.3" }, { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "7.12" }, { "model": "safari", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.1.1" }, { "model": "watchos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "5.2.1" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.14.4" }, { "model": "icloud", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 10.4 (windows 10 18362.145 or later )" }, { "model": "icloud", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 7.12 (windows 7 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.3 (ipad air or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.3 (iphone 5s or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.3 (ipod touch no. 6 generation )" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 12.9.5 (windows 7 or later )" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.3 (apple tv 4k)" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.3 (apple tv hd)" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "5.2.1 (apple watch series 1 or later )" }, { "model": "airmac base station", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "update 7.9.1 earlier" }, { "model": "icloud", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 7.12 earlier" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 12.9.5 earlier" }, { "model": "sqlite", "scope": "eq", "trust": 0.3, "vendor": "sqlite", "version": "0" }, { "model": "windows", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "80" }, { "model": "windows", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "windows", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "10" }, { "model": "esignal", "scope": "eq", "trust": 0.3, "vendor": "esignal", "version": "6.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.9.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.9.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.9.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.7.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.7.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.7.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.6.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.4.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.8" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.7.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.2.20" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.8" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.7.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.0.163" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.1.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.1.42" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.1.10" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.0.80" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.2.12" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.1" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.1" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.9" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.6" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.5" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.4" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.2" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.11" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.10" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.2" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.1" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0" }, { "model": "itunes", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "12.9.5" }, { "model": "icloud", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "7.12" } ], "sources": [ { "db": "BID", "id": "108491" }, { "db": "JVNDB", "id": "JVNDB-2019-013447" }, { "db": "JVNDB", "id": "JVNDB-2019-004252" }, { "db": "NVD", "id": "CVE-2019-8602" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:icloud", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:itunes", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:apple_tv", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:watchos", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013447" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "152846" }, { "db": "PACKETSTORM", "id": "152847" }, { "db": "PACKETSTORM", "id": "153116" }, { "db": "PACKETSTORM", "id": "152844" }, { "db": "PACKETSTORM", "id": "152845" }, { "db": "PACKETSTORM", "id": "153117" } ], "trust": 0.6 }, "cve": "CVE-2019-8602", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2019-8602", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-160037", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-8602", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-8602", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-8602", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-8602", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201905-525", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-160037", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-8602", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-160037" }, { "db": "VULMON", "id": "CVE-2019-8602" }, { "db": "JVNDB", "id": "JVNDB-2019-013447" }, { "db": "CNNVD", "id": "CNNVD-201905-525" }, { "db": "NVD", "id": "CVE-2019-8602" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges. plural Apple The product contains a memory corruption vulnerability because it contains vulnerable code.An attacker may be able to elevate privileges through a maliciously crafted application. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation * Arbitrary code execution * information leak * Service operation interruption (DoS). SQLite is prone to the following security vulnerabilities. \n1. Multiple privilege-escalation vulnerabilities\n2. A memory corruption vulnerability\n3. An information-disclosure vulnerability\nAttackers can exploit these issues to execute arbitrary code in the context of the affected application, disclose sensitive information, elevate privileges, and perform unauthorized actions. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp. A buffer error vulnerability exists in the SQLite component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; versions earlier than watchOS 5.2.1. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-5-13-1 iOS 12.3\n\niOS 12.3 is now available and addresses the following:\n\nAppleFileConduit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8593: Dany Lisiansky (@DanyL931)\n\nContacts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to read restricted memory\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8598: Omer Gull of Checkpoint Research\n\nCoreAudio\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted movie file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8585: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nDisk Images\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological\nUniversity\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8605: Ned Williamson working with Google Project Zero\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and\nHanul Choi of LINE Security Team\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2019-8591: Ned Williamson working with Google Project Zero\n\nLock Screen\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nsee the email address used for iTunes\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8599: Jeremy Pe\u00f1a-Lopez (aka Radio) of the University of\nNorth Florida\n\nMail\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8626: Natalie Silvanovich of Google Project Zero\n\nMail Message Framework\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8613: Natalie Silvanovich of Google Project Zero\n\nMobileInstallation\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2019-8568: Dany Lisiansky (@DanyL931)\n\nMobileLockdown\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to gain root privileges\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8637: Dany Lisiansky (@DanyL931)\n\nPhotos Storage\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2019-8617: an anonymous researcher\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to gain elevated privileges\nDescription: An input validation issue was addressed with improved\nmemory handling. \nCVE-2019-8577: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-8600: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to read restricted memory\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8598: Omer Gull of Checkpoint Research\n\nSQLite\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2019-8602: Omer Gull of Checkpoint Research\n\nStatus Bar\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: The lock screen may show a locked icon after unlocking\nDescription: The issue was addressed with improved UI handling. \nCVE-2019-8630: Jon M. Morlan\n\nStreamingZip\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2019-8568: Dany Lisiansky (@DanyL931)\n\nsysdiagnose\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-6237: G. Geshev working with Trend Micro Zero Day\nInitiative, Liu Long of Qihoo 360 Vulcan Team\nCVE-2019-8571: 01 working with Trend Micro\u0027s Zero Day Initiative\nCVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_)\nof Tencent Keen Lab, and dwfault working at ADLab of Venustech\nCVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero\nDay Initiative\nCVE-2019-8586: an anonymous researcher\nCVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative\nCVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security \u0026\nPrivacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab\nCVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero\nDay Initiative\nCVE-2019-8596: Wen Xu of SSLab at Georgia Tech\nCVE-2019-8597: 01 working with Trend Micro Zero Day Initiative\nCVE-2019-8601: Fluoroacetate working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative\nCVE-2019-8609: Wen Xu of SSLab, Georgia Tech\nCVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative\nCVE-2019-8611: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro\u0027s\nZero Day Initiative\nCVE-2019-8619: Wen Xu of SSLab at Georgia Tech and\nHanqing Zhao of Chaitin Security Research Lab\nCVE-2019-8622: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8623: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8628: Wen Xu of SSLab at Georgia Tech and\nHanqing Zhao of Chaitin Security Research Lab\n\nWi-Fi\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A device may be passively tracked by its WiFi MAC address\nDescription: A user privacy issue was addressed by removing the\nbroadcast MAC address. \nCVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile\nNetworking Lab at Technische Universit\u00e4t Darmstadt\n\nAdditional recognition\n\nClang\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nCoreFoundation\nWe would like to acknowledge Vozzie and Rami and m4bln, Xiangqian\nZhang, Huiming Liu of Tencent\u0027s Xuanwu Lab for their assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero and\nan anonymous researcher for their assistance. \n\nMediaLibrary\nWe would like to acknowledge Angel Ramirez and Min (Spark) Zheng,\nXiaolong Bai of Alibaba Inc. for their assistance. \n\nMobileInstallation\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nSafari\nWe would like to acknowledge Ben Guild (@benguild) for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 12.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA\nhLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT\nY0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O\nz6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW\nctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK\nV5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK\ngwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g\n4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn\nQPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI\nOoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB\nuS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ\ncB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64=\n=fsAj\n-----END PGP SIGNATURE-----\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2019-8602" }, { "db": "JVNDB", "id": "JVNDB-2019-013447" }, { "db": "JVNDB", "id": "JVNDB-2019-004252" }, { "db": "BID", "id": "108491" }, { "db": "VULHUB", "id": "VHN-160037" }, { "db": "VULMON", "id": "CVE-2019-8602" }, { "db": "PACKETSTORM", "id": "152846" }, { "db": "PACKETSTORM", "id": "152847" }, { "db": "PACKETSTORM", "id": "153116" }, { "db": "PACKETSTORM", "id": "152844" }, { "db": "PACKETSTORM", "id": "152845" }, { "db": "PACKETSTORM", "id": "153117" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-8602", "trust": 3.5 }, { "db": "JVN", "id": "JVNVU98453159", "trust": 1.6 }, { "db": "BID", "id": "108491", "trust": 1.0 }, { "db": "JVN", "id": "JVNVU93988385", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95342995", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-013447", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-004252", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201905-525", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "152847", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "153117", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1697", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1922", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-160037", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-8602", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "152846", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "153116", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "152844", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "152845", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160037" }, { "db": "VULMON", "id": "CVE-2019-8602" }, { "db": "BID", "id": "108491" }, { "db": "JVNDB", "id": "JVNDB-2019-013447" }, { "db": "JVNDB", "id": "JVNDB-2019-004252" }, { "db": "PACKETSTORM", "id": "152846" }, { "db": "PACKETSTORM", "id": "152847" }, { "db": "PACKETSTORM", "id": "153116" }, { "db": "PACKETSTORM", "id": "152844" }, { "db": "PACKETSTORM", "id": "152845" }, { "db": "PACKETSTORM", "id": "153117" }, { "db": "CNNVD", "id": "CNNVD-201905-525" }, { "db": "NVD", "id": "CVE-2019-8602" } ] }, "id": "VAR-201912-0610", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-160037" } ], "trust": 0.48026314999999997 }, "last_update_date": "2024-11-29T19:54:32.854000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT210125", "trust": 1.6, "url": "https://support.apple.com/en-us/HT210125" }, { "title": "HT210124", "trust": 1.6, "url": "https://support.apple.com/en-us/HT210124" }, { "title": "HT210212", "trust": 0.8, "url": "https://support.apple.com/en-us/HT210212" }, { "title": "HT210118", "trust": 0.8, "url": "https://support.apple.com/en-us/HT210118" }, { "title": "HT210119", "trust": 0.8, "url": "https://support.apple.com/en-us/HT210119" }, { "title": "HT210120", "trust": 0.8, "url": "https://support.apple.com/en-us/HT210120" }, { "title": "HT210122", "trust": 0.8, "url": "https://support.apple.com/en-us/HT210122" }, { "title": "HT210212", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT210212" }, { "title": "HT210118", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT210118" }, { "title": "HT210119", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT210119" }, { "title": "HT210120", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT210120" }, { "title": "HT210122", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT210122" }, { "title": "HT210124", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT210124" }, { "title": "HT210125", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT210125" }, { "title": "About the security content of AirPort Base Station Firmware Update 7.9.1", "trust": 0.8, "url": "https://support.apple.com/en-us/HT210090" }, { "title": "Multiple Apple product SQLite Fix for component buffer error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92681" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2019/08/10/memory_corruption_sqlite/" }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/sqlite-exploits-iphone-hack/147203/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-8602" }, { "db": "JVNDB", "id": "JVNDB-2019-013447" }, { "db": "JVNDB", "id": "JVNDB-2019-004252" }, { "db": "CNNVD", "id": "CNNVD-201905-525" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160037" }, { "db": "JVNDB", "id": "JVNDB-2019-013447" }, { "db": "NVD", "id": "CVE-2019-8602" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8602" }, { "trust": 1.8, "url": "https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/" }, { "trust": 1.8, "url": "https://support.apple.com/ht210118" }, { "trust": 1.8, "url": "https://support.apple.com/ht210119" }, { "trust": 1.8, "url": "https://support.apple.com/ht210120" }, { "trust": 1.8, "url": "https://support.apple.com/ht210122" }, { "trust": 1.8, "url": "https://support.apple.com/ht210124" }, { "trust": 1.8, "url": "https://support.apple.com/ht210125" }, { "trust": 1.8, "url": "https://support.apple.com/ht210212" }, { "trust": 1.6, "url": "https://jvn.jp/vu/jvnvu98453159/" }, { "trust": 0.9, "url": "https://www.sqlite.org/" }, { "trust": 0.9, "url": "https://lists.apple.com/archives/security-announce/2019/may/msg00007.html" }, { "trust": 0.9, "url": "https://lists.apple.com/archives/security-announce/2019/may/msg00006.html" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8602" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93988385/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95342995/" }, { "trust": 0.7, "url": "https://www.securityfocus.com/bid/108491" }, { "trust": 0.6, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8598" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8601" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8583" }, { "trust": 0.6, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8577" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8600" }, { "trust": 0.6, "url": "https://support.apple.com/en-au/ht210122" }, { "trust": 0.6, "url": "https://support.apple.com/kb/ht210125" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/153117/apple-security-advisory-2019-5-28-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/80842" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht210125" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht210124" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1922/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152847/apple-security-advisory-2019-5-13-4.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8587" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8595" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8607" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8584" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8596" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8586" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8597" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8571" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8594" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8560" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8610" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8576" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8591" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8585" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8608" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8568" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8609" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8574" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8611" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8605" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8593" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8623" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8615" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8628" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8619" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://threatpost.com/sqlite-exploits-iphone-hack/147203/" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht204641" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8626" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8613" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8637" }, { "trust": 0.1, "url": "https://support.apple.com/ht204283" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8599" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8592" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8604" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8590" }, { "trust": 0.1, "url": "https://support.apple.com/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8603" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4456" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/download/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-160037" }, { "db": "VULMON", "id": "CVE-2019-8602" }, { "db": "BID", "id": "108491" }, { "db": "JVNDB", "id": "JVNDB-2019-013447" }, { "db": "JVNDB", "id": "JVNDB-2019-004252" }, { "db": "PACKETSTORM", "id": "152846" }, { "db": "PACKETSTORM", "id": "152847" }, { "db": "PACKETSTORM", "id": "153116" }, { "db": "PACKETSTORM", "id": "152844" }, { "db": "PACKETSTORM", "id": "152845" }, { "db": "PACKETSTORM", "id": "153117" }, { "db": "CNNVD", "id": "CNNVD-201905-525" }, { "db": "NVD", "id": "CVE-2019-8602" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-160037" }, { "db": "VULMON", "id": "CVE-2019-8602" }, { "db": "BID", "id": "108491" }, { "db": "JVNDB", "id": "JVNDB-2019-013447" }, { "db": "JVNDB", "id": "JVNDB-2019-004252" }, { "db": "PACKETSTORM", "id": "152846" }, { "db": "PACKETSTORM", "id": "152847" }, { "db": "PACKETSTORM", "id": "153116" }, { "db": "PACKETSTORM", "id": "152844" }, { "db": "PACKETSTORM", "id": "152845" }, { "db": "PACKETSTORM", "id": "153117" }, { "db": "CNNVD", "id": "CNNVD-201905-525" }, { "db": "NVD", "id": "CVE-2019-8602" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-18T00:00:00", "db": "VULHUB", "id": "VHN-160037" }, { "date": "2019-12-18T00:00:00", "db": "VULMON", "id": "CVE-2019-8602" }, { "date": "2019-05-28T00:00:00", "db": "BID", "id": "108491" }, { "date": "2020-01-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013447" }, { "date": "2019-05-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004252" }, { "date": "2019-05-14T00:28:51", "db": "PACKETSTORM", "id": "152846" }, { "date": "2019-05-14T00:29:10", "db": "PACKETSTORM", "id": "152847" }, { "date": "2019-05-29T13:23:53", "db": "PACKETSTORM", "id": "153116" }, { "date": "2019-05-14T00:27:53", "db": "PACKETSTORM", "id": "152844" }, { "date": "2019-05-14T00:28:29", "db": "PACKETSTORM", "id": "152845" }, { "date": "2019-05-29T13:24:19", "db": "PACKETSTORM", "id": "153117" }, { "date": "2019-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-525" }, { "date": "2019-12-18T18:15:28.600000", "db": "NVD", "id": "CVE-2019-8602" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-160037" }, { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2019-8602" }, { "date": "2019-05-28T00:00:00", "db": "BID", "id": "108491" }, { "date": "2020-01-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013447" }, { "date": "2019-06-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004252" }, { "date": "2021-11-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-525" }, { "date": "2024-11-21T04:50:09.217000", "db": "NVD", "id": "CVE-2019-8602" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-525" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple Memory Corruption Vulnerability in Products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013447" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "152846" }, { "db": "PACKETSTORM", "id": "152847" }, { "db": "PACKETSTORM", "id": "153116" }, { "db": "PACKETSTORM", "id": "152844" }, { "db": "PACKETSTORM", "id": "152845" }, { "db": "PACKETSTORM", "id": "153117" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.