Details of VAR-201912-0503

ID

VAR-201912-0503

CVE

CVE-2019-8566

TITLE

apple's iOS Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-016915

DESCRIPTION

An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicious application may be able to access the microphone without indication to the user. apple's iOS There is an input validation vulnerability in.Information may be obtained. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. ReplayKit is one of the screen recording components. A security vulnerability exists in the ReplayKit component in Apple iOS versions prior to 12.2

Trust: 1.71

sources: NVD: CVE-2019-8566 // JVNDB: JVNDB-2019-016915 // VULHUB: VHN-160001

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	12.2	Trust: 1.0
vendor:	アップル	model:	ios	scope:	eq	version:	12.2	Trust: 0.8
vendor:	アップル	model:	ios	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-016915 // NVD: CVE-2019-8566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8566
value:	LOW
Trust: 1.0
NVD:	CVE-2019-8566
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201903-1017
value:	LOW
Trust: 0.6
VULHUB:	VHN-160001
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8566
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-160001
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8566
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-8566
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-160001 // JVNDB: JVNDB-2019-016915 // CNNVD: CNNVD-201903-1017 // NVD: CVE-2019-8566

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-200	Trust: 0.1

sources: VULHUB: VHN-160001 // JVNDB: JVNDB-2019-016915 // NVD: CVE-2019-8566

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-1017

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201903-1017

PATCH

title:	HT209599 Apple Security update	url:	https://support.apple.com/en-us/HT209599	Trust: 0.8
title:	Apple iOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90459	Trust: 0.6

sources: JVNDB: JVNDB-2019-016915 // CNNVD: CNNVD-201903-1017

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8566	Trust: 3.3
db:	JVNDB	id:	JVNDB-2019-016915	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-1017	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0991	Trust: 0.6
db:	VULHUB	id:	VHN-160001	Trust: 0.1

sources: VULHUB: VHN-160001 // JVNDB: JVNDB-2019-016915 // CNNVD: CNNVD-201903-1017 // NVD: CVE-2019-8566

REFERENCES

url:	https://support.apple.com/ht209599	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8566	Trust: 1.4
url:	https://support.apple.com/en-au/ht209599	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-28854	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77810	Trust: 0.6

sources: VULHUB: VHN-160001 // JVNDB: JVNDB-2019-016915 // CNNVD: CNNVD-201903-1017 // NVD: CVE-2019-8566

SOURCES

db:	VULHUB	id:	VHN-160001
db:	JVNDB	id:	JVNDB-2019-016915
db:	CNNVD	id:	CNNVD-201903-1017
db:	NVD	id:	CVE-2019-8566

LAST UPDATE DATE

2024-11-23T19:41:04.551000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160001	date:	2019-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-016915	date:	2024-07-23T04:55:00
db:	CNNVD	id:	CNNVD-201903-1017	date:	2019-12-30T00:00:00
db:	NVD	id:	CVE-2019-8566	date:	2024-11-21T04:50:04.927

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160001	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-016915	date:	2024-07-23T00:00:00
db:	CNNVD	id:	CNNVD-201903-1017	date:	2019-03-26T00:00:00
db:	NVD	id:	CVE-2019-8566	date:	2019-12-18T18:15:26.617