Details of VAR-201912-0554

ID

VAR-201912-0554

CVE

CVE-2019-8540

TITLE

Initialization vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2019-016888

DESCRIPTION

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout. iOS , Apple Mac OS X , tvOS A number of Apple products have vulnerabilities related to initialization.Information may be obtained. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Kernel is one of the kernels. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Security vulnerabilities exist in the Kernel component of Apple iOS versions prior to 12.2, tvOS versions prior to 12.2, and macOS Mojave versions prior to 10.14.4. CVE-2019-8546: ChiYuan Chang Passcode Available for: Apple Watch Series 1 and later Impact: A partially entered passcode may not clear when the device goes to sleep Description: An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and addresses the following: AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team Bom Available for: macOS Mojave 10.14.3 Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2019-6239: Ian Moorhouse and Michael Trimm CFString Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc. CVE-2019-8552: Mohamed Ghannam (@_simo36) Contacts Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher CoreCrypto Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher DiskArbitration Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2019-8522: Colin Meginnis (@falc420) FaceTime Available for: macOS Mojave 10.14.3 Impact: A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing Description: An issue existed in the pausing of FaceTime video. CVE-2019-8550: Lauren Guzniczak of Keystone Academy Feedback Assistant Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs Feedback Assistant Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs file Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher Graphics Drivers Available for: macOS Mojave 10.14.3 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII) and Junzhi Lu of Trend Micro Research working with Trend Micro's Zero Day Initiative iAP Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher IOGraphics Available for: macOS Mojave 10.14.3 Impact: A Mac may not lock when disconnecting from an external monitor Description: A lock handling issue was addressed with improved lock handling. CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT IOHIDFamily Available for: macOS Mojave 10.14.3 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8504: an anonymous researcher IOKit SCSI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6) Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8508: Dr. Silvio Cesare of InfoSect Kernel Available for: macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team Kernel Available for: macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG Messages Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang Notes Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view a user's locked notes Description: An access issue was addressed with improved memory management. CVE-2019-8537: Greg Walker (gregwalker.us) PackageKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2019-8561: Jaron Bradley of Crowdstrike Perl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: Multiple issues in Perl Description: Multiple issues in Perl were addressed in this update. CVE-2018-12015: Jakub Wilk CVE-2018-18311: Jayakrishna Menon CVE-2018-18313: Eiichi Tsukata Power Management Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com) QuartzCore Available for: macOS Mojave 10.14.3 Impact: Processing malicious data may lead to unexpected application termination Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8507: Kai Lu or Fortinet's FortiGuard Labs Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8526: Linus Henze (pinauten.de) Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre (NCSC) Siri Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest Time Machine Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to execute arbitrary shell commands Description: This issue was addressed with improved checks. CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs TrueTypeScaler Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative XPC Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs Additional recognition Accounts We would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt for their assistance. Books We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Mail We would like to acknowledge Craig Young of Tripwire VERT and Hanno Böck for their assistance. Time Machine We would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance. Installation note: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9 FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33 iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p 7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J +9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7 OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0 zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS 1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk= =QV0f -----END PGP SIGNATURE----- . Installation note: Apple TV will periodically check for software updates

Trust: 2.07

sources: NVD: CVE-2019-8540 // JVNDB: JVNDB-2019-016888 // VULHUB: VHN-159975 // VULMON: CVE-2019-8540 // PACKETSTORM: 152277 // PACKETSTORM: 152222 // PACKETSTORM: 152225

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	12.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.4	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	12.2	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	5.2	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	eq	version:	5.2	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-016888 // NVD: CVE-2019-8540

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8540
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-8540
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201903-1007
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-159975
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-8540
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-8540
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-159975
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8540
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-8540
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-159975 // VULMON: CVE-2019-8540 // JVNDB: JVNDB-2019-016888 // CNNVD: CNNVD-201903-1007 // NVD: CVE-2019-8540

PROBLEMTYPE DATA

problemtype:	CWE-665	Trust: 1.1
problemtype:	Improper initialization (CWE-665) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-159975 // JVNDB: JVNDB-2019-016888 // NVD: CVE-2019-8540

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-1007

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201903-1007

PATCH

title:	HT209601 Apple Security update	url:	https://support.apple.com/en-us/HT209599	Trust: 0.8
title:	Apple iOS , tvOS and macOS Mojave Kernel Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90451	Trust: 0.6
title:	Apple: watchOS 5.2	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=2535ab738191c2105f7d40d8c90ed298	Trust: 0.1
title:	Apple: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=71ec5bcffc9e0f0f386b31db20244ce1	Trust: 0.1
title:	CVE-2019-8540	url:	https://github.com/maldiohead/CVE-2019-8540	Trust: 0.1
title:	sec-daily-2019	url:	https://github.com/alphaSeclab/sec-daily-2019	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC	url:	https://github.com/Jonathan-Elias/PoC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/ios-122-patches-over-50-security-vulnerabilities/	Trust: 0.1

sources: VULMON: CVE-2019-8540 // JVNDB: JVNDB-2019-016888 // CNNVD: CNNVD-201903-1007

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8540	Trust: 3.7
db:	JVNDB	id:	JVNDB-2019-016888	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-1007	Trust: 0.7
db:	PACKETSTORM	id:	152277	Trust: 0.7
db:	PACKETSTORM	id:	152225	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1032	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0991	Trust: 0.6
db:	VULHUB	id:	VHN-159975	Trust: 0.1
db:	VULMON	id:	CVE-2019-8540	Trust: 0.1
db:	PACKETSTORM	id:	152222	Trust: 0.1

sources: VULHUB: VHN-159975 // VULMON: CVE-2019-8540 // JVNDB: JVNDB-2019-016888 // PACKETSTORM: 152277 // PACKETSTORM: 152222 // PACKETSTORM: 152225 // CNNVD: CNNVD-201903-1007 // NVD: CVE-2019-8540

REFERENCES

url:	https://support.apple.com/ht209599	Trust: 1.8
url:	https://support.apple.com/ht209600	Trust: 1.8
url:	https://support.apple.com/ht209601	Trust: 1.8
url:	https://support.apple.com/ht209602	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8540	Trust: 1.7
url:	https://support.apple.com/en-au/ht209599	Trust: 0.6
url:	https://support.apple.com/en-au/ht209602	Trust: 0.6
url:	https://support.apple.com/en-us/ht209602	Trust: 0.6
url:	https://packetstormsecurity.com/files/152225/apple-security-advisory-2019-3-25-3.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht209600	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-28854	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77810	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77986	Trust: 0.6
url:	https://packetstormsecurity.com/files/152277/apple-security-advisory-2019-3-27-1.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8514	Trust: 0.3
url:	https://support.apple.com/kb/ht201222	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8502	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8516	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6237	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8527	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8517	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6207	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7293	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8510	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8511	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8544	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8518	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8506	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8536	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8542	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8545	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7286	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7292	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8549	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8530	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/665.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/maldiohead/cve-2019-8540	Trust: 0.1
url:	https://support.apple.com/kb/ht209602	Trust: 0.1
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8546	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8558	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8559	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8553	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8552	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8541	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8563	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8548	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8519	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6239	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18313	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8526	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12015	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8533	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8520	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8521	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8504	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8508	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8513	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8529	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8537	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8507	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18311	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6201	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7285	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8523	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8503	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8535	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8515	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8551	Trust: 0.1

CREDITS

Apple

Trust: 0.9

sources: PACKETSTORM: 152277 // PACKETSTORM: 152222 // PACKETSTORM: 152225 // CNNVD: CNNVD-201903-1007

SOURCES

db:	VULHUB	id:	VHN-159975
db:	VULMON	id:	CVE-2019-8540
db:	JVNDB	id:	JVNDB-2019-016888
db:	PACKETSTORM	id:	152277
db:	PACKETSTORM	id:	152222
db:	PACKETSTORM	id:	152225
db:	CNNVD	id:	CNNVD-201903-1007
db:	NVD	id:	CVE-2019-8540

LAST UPDATE DATE

2024-11-23T21:21:59.924000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-159975	date:	2019-12-30T00:00:00
db:	VULMON	id:	CVE-2019-8540	date:	2019-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-016888	date:	2024-07-19T08:34:00
db:	CNNVD	id:	CNNVD-201903-1007	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2019-8540	date:	2024-11-21T04:50:01.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-159975	date:	2019-12-18T00:00:00
db:	VULMON	id:	CVE-2019-8540	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-016888	date:	2024-07-19T00:00:00
db:	PACKETSTORM	id:	152277	date:	2019-03-28T16:23:02
db:	PACKETSTORM	id:	152222	date:	2019-03-26T14:40:53
db:	PACKETSTORM	id:	152225	date:	2019-03-26T14:42:33
db:	CNNVD	id:	CNNVD-201903-1007	date:	2019-03-26T00:00:00
db:	NVD	id:	CVE-2019-8540	date:	2019-12-18T18:15:24.850