CVE-2019-8594

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.apple.com/HT210118	Vendor Advisory
https://support.apple.com/HT210119	Vendor Advisory
https://support.apple.com/HT210120	Vendor Advisory
https://support.apple.com/HT210123	Vendor Advisory
https://support.apple.com/HT210124	Vendor Advisory
https://support.apple.com/HT210125	Vendor Advisory
https://support.apple.com/HT210212	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:itunes::::::windows::*
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:tvos::::::::

History

No history.

Information

Published : 2019-12-18 18:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-8594

Mitre link : CVE-2019-8594

CVE.ORG link : CVE-2019-8594

JSON object : View

Products Affected

apple

icloud
iphone_os
itunes
mac_os_x
tvos
safari

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2019-8594", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-12-18T18:15:27.897", "references": [{"url": "https://support.apple.com/HT210118", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210119", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210120", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210123", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210124", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210125", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210212", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."}, {"lang": "es", "value": "M\u00faltiples problemas de corrupci\u00f3n de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versi\u00f3n 12.3, macOS Mojave versi\u00f3n 10.14.5, tvOS versi\u00f3n 12.3, Safari versi\u00f3n 12.1.1, iTunes para Windows versi\u00f3n 12.9.5, iCloud para Windows versi\u00f3n 7.12. El procesamiento de contenido web dise\u00f1ado maliciosamente puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "94D4BA69-CF5D-4F94-A78E-4D642A166704", "versionEndExcluding": "7.12"}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "F07EF362-5B81-4A7E-A4BD-C32B6ABE46ED", "versionEndExcluding": "12.9.5"}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3711102B-4DA7-4212-A741-1EFE87D60A95", "versionEndExcluding": "12.1.1"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB19F7E8-75CA-4F9F-B79C-DB3B2C0E1EF4", "versionEndExcluding": "12.3"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6E2DF4C-D103-4762-8CF1-6EDCE088FB1A", "versionEndExcluding": "10.14.5"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4F48137-53D0-4469-9785-57A7FC4482AB", "versionEndExcluding": "12.3"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}