Details of VAR-201912-0583

ID

VAR-201912-0583

CVE

CVE-2019-8659

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-006634

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in watchOS 5.3. Users removed from an iMessage conversation may still be able to alter state. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Insufficient access restrictions * information leak * Service operation interruption (DoS) * Information falsification * Privilege escalation * Sandbox avoidance. Apple watchOS is prone to the following security vulnerabilities: 1. An information-disclosure vulnerability. 2. An security-bypass vulnerability. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 watchOS 5.3 addresses the following: Bluetooth Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England Entry added August 13, 2019 Core Data Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project Zero Core Data Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero Digital Touch Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8624: Natalie Silvanovich of Google Project Zero FaceTime Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Foundation Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Heimdal Available for: Apple Watch Series 1 and later Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst libxslt Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-8659: Ryan Kontos (@ryanjkontos), Will Christensen of University of Oregon Messages Available for: Apple Watch Series 1 and later Impact: A remote attacker may cause an unexpected application termination Description: A denial of service issue was addressed with improved validation. CVE-2019-8665: Michael Hernandez of XYZ Marketing Quick Look Available for: Apple Watch Series 1 and later Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Siri Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero UIFoundation Available for: Apple Watch Series 1 and later Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Wallet Available for: Apple Watch Series 1 and later Impact: A user may inadvertently complete an in-app purchase while on the lock screen Description: The issue was addressed with improved UI handling. CVE-2019-8682: Jeff Braswell (JeffBraswell.com) WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative CVE-2019-8672: Samuel Groß of Google Project Zero CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech CVE-2019-8683: lokihardt of Google Project Zero CVE-2019-8684: lokihardt of Google Project Zero CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL CVE-2019-8688: Insu Yun of SSLab at Georgia Tech CVE-2019-8689: lokihardt of Google Project Zero Additional recognition MobileInstallation We would like to acknowledge Dany Lisiansky (@DanyL931) for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GHOxAA qFjks9IgHJdUoeXnf9JQR6LALFQ9M2N7ud2bj3MXxLYOB5f14g04BV/ZTlrl7CrV yjhnjegcMeOTE5XEDRZcSNDuPFUc793pT04+fUqP88Bf/X/8/0D5LA5tRlce1CUr +2aqVJJezJPwUySPpqiKu+GnYvgU6SXxqdWYBV2+FgG2ws0p4CP40fQohJDYgHvY snIe+a46dFg0kywV2DXvWI36fPI1G0Hjwr9XBsbigDzqp7zxNbkwb9rzZiLSO7Us 7Vp9a854IFD7wVShiRufhroP73vKv8qteXH+EUZbubRzZG6j7jyXS74LuNyDi5qW bk+u+yQRnyQQuKJDzy7mJSFgpb6nDFP/ncEIpfrKPXknGuIEO0oqPCUGfNJ5Alq5 Mc2ICPXYKlJQJAA1DgresRaZdpBj2ZE558s6m921R38IB3MAIUyNoiXOnnkNDTp4 vQHSZasbzDkfwjUQsMCX/F8CLsUTWx4vj0RQgqNEQL+um/EdAD1KQZmHkBSyeTyr F74d4tsqO2HoYlPKFtWWNQ7V6Qx37ShrqWrKsoysl8xbCjMYyc0u6IoqsGqNeAUN uTlMUtE3TiaU0Qib/3p+GjUOgnsrhPZrGakzAFw3ntMmt6khhLulN/+MBjibpRyY H2IDW4YapNacIlp47W6AzaEcVZRprCphtiI28u5P2DU= =Mdjp -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2019-8659 // JVNDB: JVNDB-2019-006634 // BID: 109340 // VULHUB: VHN-160094 // PACKETSTORM: 153726 // PACKETSTORM: 154056

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lt	version:	5.3	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 10.6 earlier	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.13 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.4 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.9.6 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2019-004 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.6 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2019-004 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1.2 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.4 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.3 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	5.1.3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	5.1.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.2.3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	12.4	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	ne	version:	5.3	Trust: 0.3

sources: BID: 109340 // JVNDB: JVNDB-2019-006634 // NVD: CVE-2019-8659

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8659
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201907-1253
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160094
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8659
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-160094
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8659
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-160094 // CNNVD: CNNVD-201907-1253 // NVD: CVE-2019-8659

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2019-8659

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1253

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1253

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006634

PATCH

title:	About the security content of iCloud for Windows 7.13	url:	https://support.apple.com/en-us/HT210357	Trust: 0.8
title:	About the security content of iCloud for Windows 10.6	url:	https://support.apple.com/en-us/HT210358	Trust: 0.8
title:	About the security content of iOS 12.4	url:	https://support.apple.com/en-us/HT210346	Trust: 0.8
title:	About the security content of tvOS 12.4	url:	https://support.apple.com/en-us/HT210351	Trust: 0.8
title:	About the security content of Safari 12.1.2	url:	https://support.apple.com/en-us/HT210355	Trust: 0.8
title:	About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra	url:	https://support.apple.com/en-us/HT210348	Trust: 0.8
title:	About the security content of watchOS 5.3	url:	https://support.apple.com/en-us/HT210353	Trust: 0.8
title:	About the security content of iTunes 12.9.6 for Windows	url:	https://support.apple.com/en-us/HT210356	Trust: 0.8
title:	Apple watchOS Messages Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95420	Trust: 0.6

sources: JVNDB: JVNDB-2019-006634 // CNNVD: CNNVD-201907-1253

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8659	Trust: 3.0
db:	BID	id:	109340	Trust: 0.9
db:	JVN	id:	JVNVU93368270	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-006634	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.2745	Trust: 0.6
db:	CNNVD	id:	CNNVD-201907-1253	Trust: 0.6
db:	VULHUB	id:	VHN-160094	Trust: 0.1
db:	PACKETSTORM	id:	153726	Trust: 0.1
db:	PACKETSTORM	id:	154056	Trust: 0.1

sources: VULHUB: VHN-160094 // BID: 109340 // JVNDB: JVNDB-2019-006634 // PACKETSTORM: 153726 // PACKETSTORM: 154056 // CNNVD: CNNVD-201907-1253 // NVD: CVE-2019-8659

REFERENCES

url:	https://support.apple.com/ht210353	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8659	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8662	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8688	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8669	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8689	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8682	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8660	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8624	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8672	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8683	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8676	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8684	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8648	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8685	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8647	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8657	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8665	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8646	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8658	Trust: 1.0
url:	https://www.apple.com/	Trust: 0.9
url:	http://www.apple.com/watchos-2/	Trust: 0.9
url:	https://lists.apple.com/archives/security-announce/2019/jul/msg00003.html	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8669	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8648	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8680	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8688	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8692	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8699	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8671	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8647	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8681	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8689	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8691	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8667	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8672	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8646	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8682	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8690	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8670	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8624	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8665	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8673	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8683	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8693	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8644	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8663	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8662	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8676	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8684	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8694	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8649	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8661	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8677	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8685	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8695	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8657	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8660	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8678	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8686	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8697	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8658	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8659	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8679	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8687	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8698	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8666	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93368270/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8679	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8663	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8687	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8698	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8666	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8680	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8699	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8681	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8661	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8671	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8692	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8690	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8673	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8691	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8693	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8644	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8670	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8694	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8649	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8677	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8667	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8695	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8678	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8686	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8697	Trust: 0.8
url:	https://support.apple.com/en-au/ht210353	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2745/	Trust: 0.6
url:	https://support.apple.com/en-us/ht210353	Trust: 0.6
url:	https://www.securityfocus.com/bid/109340	Trust: 0.6
url:	https://support.apple.com/kb/ht204641	Trust: 0.2
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16860	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13118	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8641	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9506	Trust: 0.1

sources: VULHUB: VHN-160094 // BID: 109340 // JVNDB: JVNDB-2019-006634 // PACKETSTORM: 153726 // PACKETSTORM: 154056 // CNNVD: CNNVD-201907-1253 // NVD: CVE-2019-8659

CREDITS

Will Christensen of University of Oregon,Ryan Kontos (@ryanjkontos),Natalie Silvanovich of Google Project Zero and Ryan Kontos (@ryanjkontos),Will Christensen of University of Oregon

Trust: 0.6

sources: CNNVD: CNNVD-201907-1253

SOURCES

db:	VULHUB	id:	VHN-160094
db:	BID	id:	109340
db:	JVNDB	id:	JVNDB-2019-006634
db:	PACKETSTORM	id:	153726
db:	PACKETSTORM	id:	154056
db:	CNNVD	id:	CNNVD-201907-1253
db:	NVD	id:	CVE-2019-8659

LAST UPDATE DATE

2024-11-23T19:54:36.348000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160094	date:	2020-08-24T00:00:00
db:	BID	id:	109340	date:	2019-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-006634	date:	2020-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201907-1253	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2019-8659	date:	2024-11-21T04:50:14.717

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160094	date:	2019-12-18T00:00:00
db:	BID	id:	109340	date:	2019-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-006634	date:	2019-07-24T00:00:00
db:	PACKETSTORM	id:	153726	date:	2019-07-23T02:22:22
db:	PACKETSTORM	id:	154056	date:	2019-08-14T20:32:22
db:	CNNVD	id:	CNNVD-201907-1253	date:	2019-07-23T00:00:00
db:	NVD	id:	CVE-2019-8659	date:	2019-12-18T18:15:31.583