Details of VAR-201912-0622

ID

VAR-201912-0622

CVE

CVE-2019-8616

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-003317

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the IOAccelSharedUserClient2 call. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. Apple macOS Mojave is the American Apple ( Apple ) company's set designed for Mac A dedicated operating system developed for computers. Intel Graphics Driver is one of the integrated graphics drivers. Apple macOS Mojave 10.14.5 in the previous version Intel Graphics Driver Components have code issue vulnerabilities

Trust: 2.43

sources: NVD: CVE-2019-8616 // JVNDB: JVNDB-2019-003317 // ZDI: ZDI-19-538 // VULHUB: VHN-160051 // VULMON: CVE-2019-8616

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.5	Trust: 1.0
vendor:	apple	model:	tv software	scope:	lt	version:	7.3 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.3 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2019-003 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.5 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2019-003 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1.1 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	7.3 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.2.1 earlier	Trust: 0.8
vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-19-538 // JVNDB: JVNDB-2019-003317 // NVD: CVE-2019-8616

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8616
value:	HIGH
Trust: 1.0
ZDI:	CVE-2019-8616
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201905-472
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160051
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-8616
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-8616
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-160051
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8616
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2019-8616
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.1
impactScore:	6.0
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-19-538 // VULHUB: VHN-160051 // VULMON: CVE-2019-8616 // CNNVD: CNNVD-201905-472 // NVD: CVE-2019-8616

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-160051 // NVD: CVE-2019-8616

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-472

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-472

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003317

PATCH

title:	About the security content of macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra	url:	https://support.apple.com/en-us/HT210119	Trust: 1.5
title:	About the security content of iOS 12.3	url:	https://support.apple.com/en-us/HT210118	Trust: 0.8
title:	About the security content of Safari 12.1.1	url:	https://support.apple.com/en-us/HT210123	Trust: 0.8
title:	About the security content of Apple TV Software 7.3	url:	https://support.apple.com/en-us/HT210121	Trust: 0.8
title:	About the security content of tvOS 12.3	url:	https://support.apple.com/en-us/HT210120	Trust: 0.8
title:	About the security content of watchOS 5.2.1	url:	https://support.apple.com/en-us/HT210122	Trust: 0.8
title:	Apple macOS Mojave Intel Graphics Driver Fix for component buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92628	Trust: 0.6

sources: ZDI: ZDI-19-538 // JVNDB: JVNDB-2019-003317 // CNNVD: CNNVD-201905-472

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8616	Trust: 3.3
db:	ZDI	id:	ZDI-19-538	Trust: 1.3
db:	JVN	id:	JVNVU93988385	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-003317	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-8356	Trust: 0.7
db:	CNNVD	id:	CNNVD-201905-472	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1695	Trust: 0.6
db:	VULHUB	id:	VHN-160051	Trust: 0.1
db:	VULMON	id:	CVE-2019-8616	Trust: 0.1

sources: ZDI: ZDI-19-538 // VULHUB: VHN-160051 // VULMON: CVE-2019-8616 // JVNDB: JVNDB-2019-003317 // CNNVD: CNNVD-201905-472 // NVD: CVE-2019-8616

REFERENCES

url:	https://support.apple.com/ht210119	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8616	Trust: 1.4
url:	https://support.apple.com/en-us/ht210119	Trust: 1.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8634	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8576	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8604	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8637	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8635	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8585	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8606	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8622	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8589	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8616	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8613	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8590	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8617	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8620	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8611	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8591	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8626	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8610	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8560	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8593	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8629	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8609	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8568	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8599	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8630	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8574	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8603	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93988385/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8622	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8590	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8617	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8613	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8591	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8620	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8560	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8611	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8593	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8626	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8568	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8610	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8599	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8629	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8574	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8609	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8603	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8630	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8576	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8604	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8634	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8585	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8606	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8635	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8637	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8589	Trust: 0.8
url:	https://support.apple.com/en-au/ht210119	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-538/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80826	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2019/may/20	Trust: 0.1

sources: ZDI: ZDI-19-538 // VULHUB: VHN-160051 // VULMON: CVE-2019-8616 // JVNDB: JVNDB-2019-003317 // CNNVD: CNNVD-201905-472 // NVD: CVE-2019-8616

CREDITS

Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team

Trust: 0.7

sources: ZDI: ZDI-19-538

SOURCES

db:	ZDI	id:	ZDI-19-538
db:	VULHUB	id:	VHN-160051
db:	VULMON	id:	CVE-2019-8616
db:	JVNDB	id:	JVNDB-2019-003317
db:	CNNVD	id:	CNNVD-201905-472
db:	NVD	id:	CVE-2019-8616

LAST UPDATE DATE

2024-11-23T21:10:30.745000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-538	date:	2019-05-30T00:00:00
db:	VULHUB	id:	VHN-160051	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-8616	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-003317	date:	2020-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-472	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2019-8616	date:	2024-11-21T04:50:10.753

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-19-538	date:	2019-05-30T00:00:00
db:	VULHUB	id:	VHN-160051	date:	2019-12-18T00:00:00
db:	VULMON	id:	CVE-2019-8616	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-003317	date:	2019-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201905-472	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-8616	date:	2019-12-18T18:15:29.567