Sign-up

ID

VAR-201912-0611


CVE

CVE-2019-8603


TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-003317

DESCRIPTION

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5. An application may be able to read restricted memory. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the cfAttributedStringUnserialize method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Accessibility Framework is one of the accessibility components. A buffer error vulnerability exists in the Accessibility Framework component of Apple macOS Mojave prior to 10.14.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra are now available and addresses the following: Accessibility Framework Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8603: Phoenhex and qwerty (@_niklasb, @qwertyoruiopz, @bkth_) working with Trend Micro's Zero Day Initiative AMD Available for: macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8635: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team working with Trend Micro's Zero Day Initiative Application Firewall Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved restrictions. CVE-2019-8590: The UK's National Cyber Security Centre (NCSC) CoreAudio Available for: macOS Sierra 10.12.6 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved error handling. CVE-2019-8592: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative CoreAudio Available for: macOS Mojave 10.14.4 Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative DesktopServices Available for: macOS Mojave 10.14.4 Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2019-8589: Andreas Clementi, Stefan Haselwanter, and Peter Stelzhammer of AV-Comparatives Disk Images Available for: macOS Sierra 10.12.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Disk Images Available for: macOS Mojave 10.14.4 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University EFI Available for: macOS Mojave 10.14.4 Impact: A user may be unexpectedly logged in to another user's account Description: An authentication issue was addressed with improved state management. CVE-2019-8634: Jenny Sprenger and Maik Hoepfel Intel Graphics Driver Available for: macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8616: Lilang Wu and Moony Li of Trend Micro Mobile Security Research Team working with Trend Micro's Zero Day Initiative Intel Graphics Driver Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8629: Arash Tohidi of Solita Oy IOAcceleratorFamily Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4456: Tyler Bohan of Cisco Talos IOKit Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: A local user may be able to load unsigned kernel extensions Description: A validation issue existed in the handling of symlinks. CVE-2019-8606: Phoenhex and qwerty (@_niklasb, @qwertyoruiopz, @bkth_) working with Trend Micro's Zero Day Initiative Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: macOS Mojave 10.14.4 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Security Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8604: Fluoroacetate working with Trend Micro's Zero Day Initiative SQLite Available for: macOS Mojave 10.14.4 Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: macOS Mojave 10.14.4 Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: macOS Mojave 10.14.4 Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: macOS Mojave 10.14.4 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research StreamingZip Available for: macOS Mojave 10.14.4 Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) sysdiagnose Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo) Touch Bar Support Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8569: Viktor Oreshkin (@stek29) WebKit Available for: macOS Mojave 10.14.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab WebKit Available for: macOS Mojave 10.14.4 Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team Additional recognition CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance. Kernel We would like to acknowledge an anonymous researcher for their assistance. PackageKit We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance. Safari We would like to acknowledge Michael Ball of Gradescope by Turnitin for their assistance. System Preferences We would like to acknowledge an anonymous researcher for their assistance. Installation note: macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZsi4pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GJyhAA ipwQq4CCFG5VTwffHlYFo1WoFhj3LPVex/1v/atmSZvo1GA1C7OMRtjjY4W/66Dn scduO8amThzjp/oSbHaUMSgskpXNqBRLjKZQ02ErfWNhw3laVgPkd0dRqUGNTsa1 WLb6w0cHIozbEl17azkJs5SUojNjRm0+M/GgRMgFbZxbPJMTFpZRH0iKuUCT8cYg 3awkFYqSTWR0UYSIE+gb4VWVjvX5xUrpD6RdEX19cZr6FYT6cv63pGQtBdLTkp/L w5g3X1q4lv5aVqRetUzaOba16M319KAT9MRHBgM7XkFK+5Vdhtj70LUoutxTlPfK c1We70jxAd1BR+WzlxzvxzrWLjxHczSyBVqOOJpS0C99synNCAaTUVoiyQDh3M0k Qlpb4N3rtrVQAFF8rTkeI93wS3qdYPfCWt/Co20EQ5FaWG/+CZTmjbGq61TB1gJq KUymGfplPG1YJbu9UnjLyPF/ICMj8MkMGkSSMIwkG51rhlvJF7pa+fFNGuKt2jnh FTD/fHwWeTcqBq1/9NVPsvdbWk5o2e2xEDYG4EfcWDfSsbsW1g7WsO2LMaDB8EHg Hcy7GCbFYbsDTqVXERUXi6GDusM2UWLyXFqi5Cael1gCCXcPfM9/tn/vfJWxuId4 QvYyi/HZU0Ra1zsp6/2wNvPA+Uw+vGlLhSWgjCxvfLk= =934G -----END PGP SIGNATURE-----

Trust: 2.52

sources: NVD: CVE-2019-8603 // JVNDB: JVNDB-2019-003317 // ZDI: ZDI-19-540 // VULHUB: VHN-160038 // VULMON: CVE-2019-8603 // PACKETSTORM: 152845

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14.5

Trust: 1.0

vendor:applemodel:tv softwarescope:ltversion:7.3 earlier

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.3 earlier

Trust: 0.8

vendor:applemodel:macos high sierrascope:eqversion:(security update 2019-003 not applied )

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14.5 earlier

Trust: 0.8

vendor:applemodel:macos sierrascope:eqversion:(security update 2019-003 not applied )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.1.1 earlier

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:7.3 earlier

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.2.1 earlier

Trust: 0.8

vendor:applemodel:safariscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-19-540 // JVNDB: JVNDB-2019-003317 // NVD: CVE-2019-8603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8603
value: HIGH

Trust: 1.0

ZDI: CVE-2019-8603
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201905-466
value: HIGH

Trust: 0.6

VULHUB: VHN-160038
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8603
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8603
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-160038
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8603
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2019-8603
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-19-540 // VULHUB: VHN-160038 // VULMON: CVE-2019-8603 // CNNVD: CNNVD-201905-466 // NVD: CVE-2019-8603

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-160038 // NVD: CVE-2019-8603

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-466

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-466

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003317

PATCH
title:About the security content of macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierraurl:https://support.apple.com/en-us/HT210119
Trust: 1.5
title:About the security content of iOS 12.3url:https://support.apple.com/en-us/HT210118
Trust: 0.8
title:About the security content of Safari 12.1.1url:https://support.apple.com/en-us/HT210123
Trust: 0.8
title:About the security content of Apple TV Software 7.3url:https://support.apple.com/en-us/HT210121
Trust: 0.8
title:About the security content of tvOS 12.3url:https://support.apple.com/en-us/HT210120
Trust: 0.8
title:About the security content of watchOS 5.2.1url:https://support.apple.com/en-us/HT210122
Trust: 0.8
title:Apple macOS Mojave Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92622
Trust: 0.6
title:sec-daily-2019url:https://github.com/alphaSeclab/sec-daily-2019 
Trust: 0.1
sources:
            
            
            ZDI: ZDI-19-540 // 
            
            
            
            VULMON: CVE-2019-8603 // 
            
            
            
            JVNDB: JVNDB-2019-003317 // 
            
            
            
            CNNVD: CNNVD-201905-466

EXTERNAL IDS
db:NVDid:CVE-2019-8603
Trust: 3.4
db:ZDIid:ZDI-19-540
Trust: 1.3
db:JVNid:JVNVU93988385
Trust: 0.8
db:JVNDBid:JVNDB-2019-003317
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-8366
Trust: 0.7
db:CNNVDid:CNNVD-201905-466
Trust: 0.7
db:PACKETSTORMid:152845
Trust: 0.7
db:AUSCERTid:ESB-2019.1695
Trust: 0.6
db:VULHUBid:VHN-160038
Trust: 0.1
db:VULMONid:CVE-2019-8603
Trust: 0.1
sources:
            
            
            ZDI: ZDI-19-540 // 
            
            
            
            VULHUB: VHN-160038 // 
            
            
            
            VULMON: CVE-2019-8603 // 
            
            
            
            JVNDB: JVNDB-2019-003317 // 
            
            
            
            PACKETSTORM: 152845 // 
            
            
            
            CNNVD: CNNVD-201905-466 // 
            
            
            
            NVD: CVE-2019-8603

REFERENCES
url:https://support.apple.com/ht210119
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8603
Trust: 1.5
url:https://support.apple.com/en-us/ht210119
Trust: 1.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-8590
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-8591
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-8560
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-8568
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-8574
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-8576
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-8604
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-8585
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-8589
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8634
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8576
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8604
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8637
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8635
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8585
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8606
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8622
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8589
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8616
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8613
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8590
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8617
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8620
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8611
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8591
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8626
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8610
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8560
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8593
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8629
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8609
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8568
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8599
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8630
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8574
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8603
Trust: 0.8
url:https://jvn.jp/vu/jvnvu93988385/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8622
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8617
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8613
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8620
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8611
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8593
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8626
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8610
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8599
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8629
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8609
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8630
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8634
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8606
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8635
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8637
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8616
Trust: 0.8
url:https://support.apple.com/en-au/ht210119
Trust: 0.6
url:https://www.auscert.org.au/bulletins/80826
Trust: 0.6
url:https://www.zerodayinitiative.com/advisories/zdi-19-540/
Trust: 0.6
url:https://packetstormsecurity.com/files/152845/apple-security-advisory-2019-5-13-2.html
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/125.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://seclists.org/fulldisclosure/2019/may/20
Trust: 0.1
url:https://github.com/alphaseclab/sec-daily-2019
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8587
Trust: 0.1
url:https://support.apple.com/kb/ht201222
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8598
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8569
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8592
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-6237
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8595
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8584
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8601
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8583
Trust: 0.1
url:https://support.apple.com/downloads/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8596
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8602
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8586
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8597
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8577
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8571
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4456
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8600
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8594
Trust: 0.1
sources:
            
            
            ZDI: ZDI-19-540 // 
            
            
            
            VULHUB: VHN-160038 // 
            
            
            
            VULMON: CVE-2019-8603 // 
            
            
            
            JVNDB: JVNDB-2019-003317 // 
            
            
            
            PACKETSTORM: 152845 // 
            
            
            
            CNNVD: CNNVD-201905-466 // 
            
            
            
            NVD: CVE-2019-8603

CREDITS
phoenhex & qwerty team (@_niklasb  @qwertyoruiopz and @bkth_)
Trust: 0.7
sources:
            
            
            ZDI: ZDI-19-540

SOURCES
db:ZDIid:ZDI-19-540
db:VULHUBid:VHN-160038
db:VULMONid:CVE-2019-8603
db:JVNDBid:JVNDB-2019-003317
db:PACKETSTORMid:152845
db:CNNVDid:CNNVD-201905-466
db:NVDid:CVE-2019-8603

LAST UPDATE DATE
2024-11-23T20:46:44.563000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-19-540date:2019-05-30T00:00:00
db:VULHUBid:VHN-160038date:2019-12-20T00:00:00
db:VULMONid:CVE-2019-8603date:2019-12-20T00:00:00
db:JVNDBid:JVNDB-2019-003317date:2020-01-07T00:00:00
db:CNNVDid:CNNVD-201905-466date:2021-10-29T00:00:00
db:NVDid:CVE-2019-8603date:2024-11-21T04:50:09.353

SOURCES RELEASE DATE
db:ZDIid:ZDI-19-540date:2019-05-30T00:00:00
db:VULHUBid:VHN-160038date:2019-12-18T00:00:00
db:VULMONid:CVE-2019-8603date:2019-12-18T00:00:00
db:JVNDBid:JVNDB-2019-003317date:2019-05-15T00:00:00
db:PACKETSTORMid:152845date:2019-05-14T00:28:29
db:CNNVDid:CNNVD-201905-466date:2019-05-14T00:00:00
db:NVDid:CVE-2019-8603date:2019-12-18T18:15:28.693