Details of VAR-201903-0417

ID

VAR-201903-0417

CVE

CVE-2019-6226

TITLE

plural Apple Multiple memory corruption vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-002220

DESCRIPTION

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Sandbox avoidance * Arbitrary code execution * Privilege escalation * information leak * Information falsification * Service operation interruption (DoS) * Arbitrary script execution. WebKit is prone to multiple memory-corruption vulnerabilities. A remote attacker can leverage these issues to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.1.3; Safari prior to 12.0.3; tvOS prior to 12.1.2; watchOS 5.1.3; Windows-based iCloud prior to 7.10. CVE-2019-6235: Brandon Azad Core Media Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: An out-of-bounds read was addressed with improved bounds checking. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-1-22-5 Safari 12.0.3 Safari 12.0.3 is now available and addresses the following: Safari Reader Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.3 Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: A cross-site scripting issue existed in Safari. CVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia Tech CVE-2019-6216: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-6217: Fluoroacetate working with Trend Micro's Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team CVE-2019-6226: Apple WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.3 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-6229: Ryan Pickren (ryanpickren.com) Additional recognition Safari Reader We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance. WebKit We would like to acknowledge James Lee (@Windowsrcer) of Kryptos Logic for their assistance. Installation note: Safari 12.0.3 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GuaQ/+ P755KDBIfFEwmq2J3JybH1rSJrqMJ3R4RWhNojVOSZ0utjZdF9Ys0yNkCBtTmKfu bT33YUlVuoJ/tFrpxN8IG4D64kcEr3ZFYHo2vhDljD8BGiLG+dVRvqaJCHHkSgox G79Yq7Hl59NbcOU0L2A6+Y6KfNgOCsQIJID9SmDVLNHPDEOXOO+ly9rLh8m4LKc+ s4Xa43IQXnp0TfHGB2krO5YQampvqyHWZvgeTaNQcOomE3kLrS3ag+DRqcJj5bes fgM3TOESPWZL0LA/FaKo0PJTG6wG5so/8pjcy28ldia7Q2i7MCDRSB0xn4MwOqtq 8kKQ3msSmv5Vp4c4WMQA0brhRyuW1pFDnGX0VdNsUgYFcxyajJB2pyCF7B0WKaRh jA9v231m1p+BO82dql6+JZLe5scyHvxHNXbhekjACL8NLmBPnxXB96KIdX5t+KKu R2SzYq59Pt5W39bYIwDt8rTXgyAnO8QD02RjOf+eFprEBsukcUv+H0vJuLJvuPoI EgAze4hkCa4isjCfr5ojFHbp5WE/KI9a8mXhfXdFU66n6JkiH1byHUgGpamPWzCl dLZn1eclsXriFUtzX58lO30z31x5JjCYtERKUFmaKAZtALcqtpyL1G4ZC/zT+E5P KqM93amXr5Sxz+OnM0IIbh5C/Pqe2nWvGNrn1WBG4KA3/4m7 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: March 14, 2019 Bugs: #672108, #674702, #678334 ID: 201903-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.22.6 >= 2.22.6 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.6" References ========== [ 1 ] CVE-2019-6212 https://nvd.nist.gov/vuln/detail/CVE-2019-6212 [ 2 ] CVE-2019-6215 https://nvd.nist.gov/vuln/detail/CVE-2019-6215 [ 3 ] CVE-2019-6216 https://nvd.nist.gov/vuln/detail/CVE-2019-6216 [ 4 ] CVE-2019-6217 https://nvd.nist.gov/vuln/detail/CVE-2019-6217 [ 5 ] CVE-2019-6226 https://nvd.nist.gov/vuln/detail/CVE-2019-6226 [ 6 ] CVE-2019-6227 https://nvd.nist.gov/vuln/detail/CVE-2019-6227 [ 7 ] CVE-2019-6229 https://nvd.nist.gov/vuln/detail/CVE-2019-6229 [ 8 ] CVE-2019-6233 https://nvd.nist.gov/vuln/detail/CVE-2019-6233 [ 9 ] CVE-2019-6234 https://nvd.nist.gov/vuln/detail/CVE-2019-6234 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201903-12 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001 ------------------------------------------------------------------------ Date reported : February 08, 2019 Advisory ID : WSA-2019-0001 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2019-0001.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0001.html CVE identifiers : CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, CVE-2019-6234. CVE-2019-6212 Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before 2.22.4. Credit to an anonymous researcher. CVE-2019-6215 Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before 2.22.4. Credit to Lokihardt of Google Project Zero. CVE-2019-6216 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Fluoroacetate working with Trend Micro's Zero Day Initiative. CVE-2019-6217 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Fluoroacetate working with Trend Micro's Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team. CVE-2019-6226 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Apple. CVE-2019-6227 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Qixun Zhao of Qihoo 360 Vulcan Team. CVE-2019-6229 Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3. Credit to Ryan Pickren. CVE-2019-6233 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative. CVE-2019-6234 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, February 08, 2019

Trust: 3.24

sources: NVD: CVE-2019-6226 // JVNDB: JVNDB-2019-002220 // JVNDB: JVNDB-2019-001192 // BID: 106696 // VULHUB: VHN-157661 // VULMON: CVE-2019-6226 // PACKETSTORM: 151281 // PACKETSTORM: 151332 // PACKETSTORM: 151282 // PACKETSTORM: 152086 // PACKETSTORM: 151592

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	12.1.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	12.0.3	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.10	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	5.1.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.3	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	12.1.2	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.10 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1.3 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1.3 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1.3 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.9.3 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.3 (macos high sierra 10.13.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.3 (macos mojave 10.14.3)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.3 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.1.2 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.1.2 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.1.3 (apple watch series 1 or later )	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.10 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1.3 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2019-001 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.3 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2019-001 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.3 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.1.2 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.1.3 earlier	Trust: 0.8
vendor:	apple	model:	watch edition	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	ne	version:	5.1.3	Trust: 0.3
vendor:	apple	model:	macos security update	scope:	ne	version:	2019	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	12.1.3	Trust: 0.3
vendor:	apple	model:	watch hermes	scope:	eq	version:	0	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.14.3	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.6	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.13.6	Trust: 0.3
vendor:	apple	model:	tvos	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	apple	model:	watch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	12.0.3	Trust: 0.3
vendor:	apple	model:	icloud	scope:	ne	version:	7.10	Trust: 0.3

sources: BID: 106696 // JVNDB: JVNDB-2019-002220 // JVNDB: JVNDB-2019-001192 // NVD: CVE-2019-6226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6226
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-6226
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201901-802
value:	HIGH
Trust: 0.6
VULHUB:	VHN-157661
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-6226
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6226
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-157661
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6226
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-157661 // VULMON: CVE-2019-6226 // CNNVD: CNNVD-201901-802 // JVNDB: JVNDB-2019-002220 // NVD: CVE-2019-6226

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-157661 // JVNDB: JVNDB-2019-002220 // NVD: CVE-2019-6226

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-802

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201901-802

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002220

PATCH

title:	HT209443	url:	https://support.apple.com/en-us/HT209443	Trust: 1.6
title:	HT209447	url:	https://support.apple.com/en-us/HT209447	Trust: 1.6
title:	HT209448	url:	https://support.apple.com/en-us/HT209448	Trust: 1.6
title:	HT209449	url:	https://support.apple.com/en-us/HT209449	Trust: 1.6
title:	HT209451	url:	https://support.apple.com/en-us/HT209451	Trust: 1.6
title:	HT209450	url:	https://support.apple.com/en-us/HT209450	Trust: 0.8
title:	HT209443	url:	https://support.apple.com/ja-jp/HT209443	Trust: 0.8
title:	HT209447	url:	https://support.apple.com/ja-jp/HT209447	Trust: 0.8
title:	HT209448	url:	https://support.apple.com/ja-jp/HT209448	Trust: 0.8
title:	HT209449	url:	https://support.apple.com/ja-jp/HT209449	Trust: 0.8
title:	HT209450	url:	https://support.apple.com/ja-jp/HT209450	Trust: 0.8
title:	HT209451	url:	https://support.apple.com/ja-jp/HT209451	Trust: 0.8
title:	About the security content of macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra	url:	https://support.apple.com/en-us/HT209446	Trust: 0.8
title:	Multiple Apple product WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88911	Trust: 0.6

sources: CNNVD: CNNVD-201901-802 // JVNDB: JVNDB-2019-002220 // JVNDB: JVNDB-2019-001192

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6226	Trust: 3.4
db:	BID	id:	106696	Trust: 2.1
db:	JVN	id:	JVNVU97670311	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-002220	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-001192	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-802	Trust: 0.7
db:	PACKETSTORM	id:	152086	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0604	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0639	Trust: 0.6
db:	VULHUB	id:	VHN-157661	Trust: 0.1
db:	VULMON	id:	CVE-2019-6226	Trust: 0.1
db:	PACKETSTORM	id:	151281	Trust: 0.1
db:	PACKETSTORM	id:	151332	Trust: 0.1
db:	PACKETSTORM	id:	151282	Trust: 0.1
db:	PACKETSTORM	id:	151592	Trust: 0.1

sources: VULHUB: VHN-157661 // VULMON: CVE-2019-6226 // BID: 106696 // PACKETSTORM: 151281 // PACKETSTORM: 151332 // PACKETSTORM: 151282 // PACKETSTORM: 152086 // PACKETSTORM: 151592 // CNNVD: CNNVD-201901-802 // JVNDB: JVNDB-2019-002220 // JVNDB: JVNDB-2019-001192 // NVD: CVE-2019-6226

REFERENCES

url:	http://www.securityfocus.com/bid/106696	Trust: 3.1
url:	https://security.gentoo.org/glsa/201903-12	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6226	Trust: 1.9
url:	https://support.apple.com/ht209443	Trust: 1.8
url:	https://support.apple.com/ht209447	Trust: 1.8
url:	https://support.apple.com/ht209448	Trust: 1.8
url:	https://support.apple.com/ht209449	Trust: 1.8
url:	https://support.apple.com/ht209450	Trust: 1.8
url:	https://support.apple.com/ht209451	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu97670311/index.html	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6226	Trust: 0.8
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20190497-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20190511-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76318	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76166	Trust: 0.6
url:	https://packetstormsecurity.com/files/152086/gentoo-linux-security-advisory-201903-12.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6212	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6216	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6233	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6215	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6227	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6229	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6217	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6234	Trust: 0.5
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/safari/	Trust: 0.3
url:	http://www.apple.com/accessibility/tvos/	Trust: 0.3
url:	http://www.apple.com/watchos-2/	Trust: 0.3
url:	https://www.apple.com/icloud/	Trust: 0.3
url:	https://support.apple.com/en-us/ht209451	Trust: 0.3
url:	https://support.apple.com/en-us/ht209443	Trust: 0.3
url:	https://support.apple.com/en-us/ht209449	Trust: 0.3
url:	https://support.apple.com/en-us/ht209447	Trust: 0.3
url:	https://support.apple.com/en-us/ht209448	Trust: 0.3
url:	https://support.apple.com/en-us/ht201222	Trust: 0.3
url:	https://support.apple.com/kb/ht201222	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20346	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20505	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20506	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6221	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6235	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6228	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2019-0001.html	Trust: 0.1
url:	https://webkitgtk.org/security.html	Trust: 0.1
url:	https://wpewebkit.org/security/wsa-2019-0001.html	Trust: 0.1
url:	https://wpewebkit.org/security/.	Trust: 0.1

CREDITS

Apple and Qixun Zhao from Qihoo 360 Vulcan Team.,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-201901-802

SOURCES

db:	VULHUB	id:	VHN-157661
db:	VULMON	id:	CVE-2019-6226
db:	BID	id:	106696
db:	PACKETSTORM	id:	151281
db:	PACKETSTORM	id:	151332
db:	PACKETSTORM	id:	151282
db:	PACKETSTORM	id:	152086
db:	PACKETSTORM	id:	151592
db:	CNNVD	id:	CNNVD-201901-802
db:	JVNDB	id:	JVNDB-2019-002220
db:	JVNDB	id:	JVNDB-2019-001192
db:	NVD	id:	CVE-2019-6226

LAST UPDATE DATE

2025-12-22T22:03:55.117000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-157661	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-6226	date:	2020-08-24T00:00:00
db:	BID	id:	106696	date:	2019-01-22T00:00:00
db:	CNNVD	id:	CNNVD-201901-802	date:	2020-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-002220	date:	2019-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-001192	date:	2019-01-24T00:00:00
db:	NVD	id:	CVE-2019-6226	date:	2024-11-21T04:46:15.687

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-157661	date:	2019-03-05T00:00:00
db:	VULMON	id:	CVE-2019-6226	date:	2019-03-05T00:00:00
db:	BID	id:	106696	date:	2019-01-22T00:00:00
db:	PACKETSTORM	id:	151281	date:	2019-01-23T21:27:12
db:	PACKETSTORM	id:	151332	date:	2019-01-25T14:58:45
db:	PACKETSTORM	id:	151282	date:	2019-01-23T21:27:49
db:	PACKETSTORM	id:	152086	date:	2019-03-14T16:23:59
db:	PACKETSTORM	id:	151592	date:	2019-02-11T16:03:48
db:	CNNVD	id:	CNNVD-201901-802	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-002220	date:	2019-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-001192	date:	2019-01-24T00:00:00
db:	NVD	id:	CVE-2019-6226	date:	2019-03-05T16:29:02.293