Sign-up

ID

VAR-201912-0132


CVE

CVE-2019-8779


TITLE

iOS and iPadOS Update to

Trust: 0.8

sources: JVNDB: JVNDB-2019-009768

DESCRIPTION

A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Sandbox is one of the sandbox components. A security vulnerability exists in the Sandbox component in Apple iOS versions prior to 13.1.1 and iPadOS versions prior to 13.1.1. An attacker could exploit this vulnerability to bypass sandbox restrictions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-9-27-1 iOS 13.1.1 and iPadOS 13.1.1 iOS 13.1.1 and iPadOS 13.1.1 are now available and address the following: Sandbox Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Third party app extensions may not receive the correct sandbox restrictions Description: A logic issue applied the incorrect restrictions. CVE-2019-8779: Apple Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 13.1.1 and iPadOS 13.1.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2OQv8ACgkQBz4uGe3y 0M0khhAAlJIPFCMoN9t7dBGCAv7pAN/DB4vdQQe0GMf4wRI9gYWEZCZs5GGl3DWl lki8MyOl4kImWJrgYdK+muLCFo4oMhm2ieAyPYau14n/4ZBITe/PIP3JQT0jn+BA mtY+H2Lf1fACX49bNjpkIC0j05r4JGk7yggki0IOIkUyaoFCmCUNR8fV7clP8RK1 UUvo4scZ90axMMk4YzCqAEnHTeoUhqaYyCXirUThpMHhsZjbRbUQ497OOQ1B/N5W QSx0fsor2N6XvHA7g0dR4XrM+4U3xQgsdyQabMoqZG4Ua9UBnZ5n0kQi53kwLKWL wJtNb9VB27MvnwE4WmoHJcJPqXDE/4RaXV1Vd6m/0LGlRIHQRragKHzfYJSUhZ80 xd8H/E9yisSWGfflRziw5haPAatPKNvkHEy7kwC2/skbQ4vpb/CXnToiNIsSBnDl vn+wdjeW1gcnl2+q+BrhTPU2/wSxl3jUncjfNpq6LPzk+O3m9IN3Q6MTib4xkfZo poNmT0qCcTIK+7BZ3j5INP51ZCz7n9otD3l7LEI7dcb0bP2rM9yZZfdLILsNOyXc uAS6IFoq4Gwclma3rYbD2mgKPu94DQWTsiSBS3ZqSk+mc4cKphNc2U0Qq9Li31zB EEbk4iAT3QemSf7aAII5VhfRE+UOQ69JdIwJvIiN/tA3t4VsibQ= =12Lw -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2019-8779 // JVNDB: JVNDB-2019-009768 // VULHUB: VHN-160214 // VULMON: CVE-2019-8779 // PACKETSTORM: 154670

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:13.1.1

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.1.1

Trust: 1.0

vendor:applemodel:iosscope:ltversion:13.1.1 earlier

Trust: 0.8

vendor:applemodel:ipadosscope:ltversion:13.1.1 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2019-009768 // NVD: CVE-2019-8779

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8779
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-201909-1335
value: CRITICAL

Trust: 0.6

VULHUB: VHN-160214
value: HIGH

Trust: 0.1

VULMON: CVE-2019-8779
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-8779
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-160214
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8779
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-160214 // VULMON: CVE-2019-8779 // CNNVD: CNNVD-201909-1335 // NVD: CVE-2019-8779

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.1

sources: VULHUB: VHN-160214 // NVD: CVE-2019-8779

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1335

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-1335

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009768

PATCH
title:About the security content of iOS 13.1.1 and iPadOS 13.1.1url:https://support.apple.com/en-us/HT210624
Trust: 0.8
title:Apple iOS  and iPadOS Sandbox Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98725
Trust: 0.6
title:Apple: iOS 13.1.1 and iPadOS 13.1.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=462ffacaee7e69b7f78c458a035c55a5
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-8779 // 
            
            
            
            JVNDB: JVNDB-2019-009768 // 
            
            
            
            CNNVD: CNNVD-201909-1335

EXTERNAL IDS
db:NVDid:CVE-2019-8779
Trust: 2.7
db:PACKETSTORMid:154670
Trust: 0.8
db:JVNid:JVNVU91560805
Trust: 0.8
db:JVNDBid:JVNDB-2019-009768
Trust: 0.8
db:CNNVDid:CNNVD-201909-1335
Trust: 0.7
db:AUSCERTid:ESB-2019.3665
Trust: 0.6
db:VULHUBid:VHN-160214
Trust: 0.1
db:VULMONid:CVE-2019-8779
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160214 // 
            
            
            
            VULMON: CVE-2019-8779 // 
            
            
            
            JVNDB: JVNDB-2019-009768 // 
            
            
            
            PACKETSTORM: 154670 // 
            
            
            
            CNNVD: CNNVD-201909-1335 // 
            
            
            
            NVD: CVE-2019-8779

REFERENCES
url:https://support.apple.com/ht210624
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8779
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8779
Trust: 0.8
url:https://jvn.jp/vu/jvnvu91560805/
Trust: 0.8
url:https://support.apple.com/en-au/ht210624
Trust: 0.6
url:https://packetstormsecurity.com/files/154670/apple-security-advisory-2019-9-27-1.html
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3665/
Trust: 0.6
url:https://support.apple.com/en-us/ht210624
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/668.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht210624
Trust: 0.1
url:https://support.apple.com/kb/ht201222
Trust: 0.1
url:https://www.apple.com/itunes/
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160214 // 
            
            
            
            VULMON: CVE-2019-8779 // 
            
            
            
            JVNDB: JVNDB-2019-009768 // 
            
            
            
            PACKETSTORM: 154670 // 
            
            
            
            CNNVD: CNNVD-201909-1335 // 
            
            
            
            NVD: CVE-2019-8779

CREDITS
Apple
Trust: 0.7
sources:
            
            
            PACKETSTORM: 154670 // 
            
            
            
            CNNVD: CNNVD-201909-1335

SOURCES
db:VULHUBid:VHN-160214
db:VULMONid:CVE-2019-8779
db:JVNDBid:JVNDB-2019-009768
db:PACKETSTORMid:154670
db:CNNVDid:CNNVD-201909-1335
db:NVDid:CVE-2019-8779

LAST UPDATE DATE
2024-11-23T22:05:56.020000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-160214date:2019-12-26T00:00:00
db:VULMONid:CVE-2019-8779date:2019-12-26T00:00:00
db:JVNDBid:JVNDB-2019-009768date:2020-01-07T00:00:00
db:CNNVDid:CNNVD-201909-1335date:2021-10-29T00:00:00
db:NVDid:CVE-2019-8779date:2024-11-21T04:50:27.503

SOURCES RELEASE DATE
db:VULHUBid:VHN-160214date:2019-12-18T00:00:00
db:VULMONid:CVE-2019-8779date:2019-12-18T00:00:00
db:JVNDBid:JVNDB-2019-009768date:2019-10-01T00:00:00
db:PACKETSTORMid:154670date:2019-09-29T18:32:22
db:CNNVDid:CNNVD-201909-1335date:2019-09-30T00:00:00
db:NVDid:CVE-2019-8779date:2019-12-18T18:15:40.397