Details of VAR-201912-0634

ID

VAR-201912-0634

CVE

CVE-2019-8670

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-006634

DESCRIPTION

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Insufficient access restrictions * information leak * Service operation interruption (DoS) * Information falsification * Privilege escalation * Sandbox avoidance. An attacker may exploit this issue to spoof the originating URL of a trusted web site. This may allow a remote attacker to carry out phishing-style attacks. in the United States. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. macOS Mojave is a dedicated operating system developed for Mac computers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra are now available and address the following: AppleGraphicsControl Available for: macOS Mojave 10.14.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8693: Arash Tohidi of Solita autofs Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper Description: This was addressed with additional checks by Gatekeeper on files mounted through a network share. CVE-2019-8656: Filippo Cavallarin Bluetooth Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-19860 Carbon Core Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8661: Natalie Silvanovich of Google Project Zero Core Data Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero Disk Management Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative FaceTime Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Found in Apps Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: This issue was addressed with improved checks. CVE-2019-8663: Natalie Silvanovich of Google Project Zero Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Grapher Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8695: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Graphics Drivers Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8691: Aleksandr Tarasikov (@astarasikov), Arash Tohidi of Solita, Lilang Wu and Moony Li of Trend Micro CVE-2019-8692: Lilang Wu and Moony Li of Trend Micro Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst IOAcceleratorFamily Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8694: Arash Tohidi of Solita libxslt Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-13118: found by OSS-Fuzz Quick Look Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Safari Available for: macOS Mojave 10.14.5 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2019-8670: Tsubasa FUJII (@reinforchu) Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative Siri Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8667: Roland Kletzing of cyber:con GmbH UIFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Additional recognition Classroom We would like to acknowledge Jeff Johnson of underpassapp.com <http://underpassapp.com/> for their assistance. Game Center We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. for their assistance. Installation note: macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, and Security Update 2019-004 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ <https://support.apple.com/downloads/> Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 <https://support.apple.com/kb/HT201222> This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ <https://www.apple.com/support/security/pgp/> -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl01+gkACgkQeC9tht7T K3FK+RAAvFqlMsRnBWbACjgR3mBJb9Q0I/Sszh4a0LEqiiomyvfhgOQIu01UiE1v 1P0WOAkAoNUn4sxyWPEKfsi/l8U1JG+NBu+zMVqUnG48wmAkMcBib0/FZwGO1Vo3 czV8x8c4lupiIaksGeWxJQ9VKE7BaFttrCQrbEbg2sh5IHRRcyjzao2qGTItw5Xp EKGccuSbBV8njb38L0ITiByMAOxRU9IYHGK0gV7zT9VmWp7sHSFn1aoLehnH7aCq fohWNFRGjb6BtkSnqQvDidaLEcCCgvelUd+EhwpSm+L4lsmTM/+Ae8TE5G/2Fx+s 3wWCfBCx7Y10HRkSv+4fnuJb+aisGxD5q3gbcqJINLx39Jc4oaMyY+xuM30uXn+C vs8Sd705rcNGIKPb0tkEnoXwuptCmp+YqBMjE/MhmYdxGWhxzd3CW9g453yz3WOg 2rpM0Emh6+BIgyBP9tJ08FZL46paKZeGq3VmFz8DRP+POQsnpVMV+LCQm6kfhOEo Id0y+zmfhs6BqlrmbC7djnx5ptLJsEIvgNIyHj9oBoZOXt6RFRBzfEkie4ToylhA wjlZxngc6OOtgrQHiSFRC3qaSm2Eb2bCA/8yTkKkqsxsqQYFXgXhuzAGoXBBRNRZ uUGtetOl6R3STIMg8pgof/c+QpFkHeHPgKf5+J71J5vCu1aPF34= =Meho -----END PGP SIGNATURE----- . CVE-2019-8644: G. Ltd. CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative CVE-2019-8671: Apple CVE-2019-8672: Samuel Groß of Google Project Zero CVE-2019-8673: Soyeon Park and Wen Xu of SSLab at Georgia Tech CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech CVE-2019-8677: Jihui Lu of Tencent KeenLab CVE-2019-8678: an anonymous researcher, Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu (@straight_blast) of VX Browser Exploitation Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan_h0) of Knownsec, Byron Wai of VX Browser Exploitation CVE-2019-8679: Jihui Lu of Tencent KeenLab CVE-2019-8680: Jihui Lu of Tencent KeenLab CVE-2019-8681: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8683: lokihardt of Google Project Zero CVE-2019-8684: lokihardt of Google Project Zero CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL CVE-2019-8686: G. CVE-2019-8649: Sergei Glazunov of Google Project Zero Installation note: Safari 12.1.2 may be obtained from the Mac App Store

Trust: 2.16

sources: NVD: CVE-2019-8670 // JVNDB: JVNDB-2019-006634 // BID: 109327 // VULHUB: VHN-160105 // PACKETSTORM: 153723 // PACKETSTORM: 153718

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	12.1.2	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 10.6 earlier	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.13 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.4 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.9.6 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2019-004 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.6 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2019-004 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1.2 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.4 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.3 earlier	Trust: 0.8
vendor:	apple	model:	safari	scope:	eq	version:	7.1.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.14.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.31	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	security update high sierra	scope:	ne	version:	2019-0040	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.34	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	12.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	12.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.52	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	11.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.31	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.28	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.14.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	11	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	security update sierra	scope:	ne	version:	2019-0040	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.33	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.30	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	11.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 0.3

sources: BID: 109327 // JVNDB: JVNDB-2019-006634 // NVD: CVE-2019-8670

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8670
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201907-1196
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-160105
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8670
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-160105
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8670
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-160105 // CNNVD: CNNVD-201907-1196 // NVD: CVE-2019-8670

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.1

sources: VULHUB: VHN-160105 // NVD: CVE-2019-8670

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1196

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1196

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006634

PATCH

title:	About the security content of iCloud for Windows 7.13	url:	https://support.apple.com/en-us/HT210357	Trust: 0.8
title:	About the security content of iCloud for Windows 10.6	url:	https://support.apple.com/en-us/HT210358	Trust: 0.8
title:	About the security content of iOS 12.4	url:	https://support.apple.com/en-us/HT210346	Trust: 0.8
title:	About the security content of tvOS 12.4	url:	https://support.apple.com/en-us/HT210351	Trust: 0.8
title:	About the security content of Safari 12.1.2	url:	https://support.apple.com/en-us/HT210355	Trust: 0.8
title:	About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra	url:	https://support.apple.com/en-us/HT210348	Trust: 0.8
title:	About the security content of watchOS 5.3	url:	https://support.apple.com/en-us/HT210353	Trust: 0.8
title:	About the security content of iTunes 12.9.6 for Windows	url:	https://support.apple.com/en-us/HT210356	Trust: 0.8
title:	Apple Safari and macOS Mojave Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95363	Trust: 0.6

sources: JVNDB: JVNDB-2019-006634 // CNNVD: CNNVD-201907-1196

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8670	Trust: 3.0
db:	BID	id:	109327	Trust: 1.0
db:	JVN	id:	JVNVU93368270	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-006634	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-1196	Trust: 0.7
db:	PACKETSTORM	id:	153723	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2744	Trust: 0.6
db:	VULHUB	id:	VHN-160105	Trust: 0.1
db:	PACKETSTORM	id:	153718	Trust: 0.1

sources: VULHUB: VHN-160105 // BID: 109327 // JVNDB: JVNDB-2019-006634 // PACKETSTORM: 153723 // PACKETSTORM: 153718 // CNNVD: CNNVD-201907-1196 // NVD: CVE-2019-8670

REFERENCES

url:	https://support.apple.com/ht210348	Trust: 1.7
url:	https://support.apple.com/ht210355	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8670	Trust: 1.6
url:	https://www.apple.com/	Trust: 0.9
url:	http://www.apple.com/safari/	Trust: 0.9
url:	https://lists.apple.com/archives/security-announce/2019/jul/msg00001.html	Trust: 0.9
url:	https://lists.apple.com/archives/security-announce/2019/jul/msg00002.html	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8679	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8663	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8687	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8666	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8680	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8662	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8688	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8669	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8681	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8661	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8689	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8671	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8692	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8660	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8690	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8672	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8673	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8691	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8683	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8693	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8644	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8676	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8684	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8648	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8694	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8649	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8677	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8667	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8685	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8695	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8657	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8678	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8686	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8646	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8697	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8658	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8669	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8648	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8680	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8688	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8692	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8699	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8671	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8647	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8681	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8689	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8691	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8667	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8672	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8646	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8682	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8690	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8670	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8624	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8665	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8673	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8683	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8693	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8644	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8663	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8662	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8676	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8684	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8694	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8649	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8661	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8677	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8685	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8695	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8657	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8660	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8678	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8686	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8697	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8658	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8659	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8679	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8687	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8698	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8666	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93368270/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8698	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8699	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8682	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8624	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8659	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8647	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8665	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.2744/	Trust: 0.6
url:	https://packetstormsecurity.com/files/153723/apple-security-advisory-2019-7-22-2.html	Trust: 0.6
url:	https://www.securityfocus.com/bid/109327	Trust: 0.6
url:	https://support.apple.com/en-us/ht210355	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-29859	Trust: 0.6
url:	https://support.apple.com/en-us/ht210348	Trust: 0.6
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16860	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13118	Trust: 0.1
url:	https://support.apple.com/downloads/>	Trust: 0.1
url:	https://support.apple.com/kb/ht201222>	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8656	Trust: 0.1
url:	http://underpassapp.com/>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19860	Trust: 0.1

sources: VULHUB: VHN-160105 // BID: 109327 // JVNDB: JVNDB-2019-006634 // PACKETSTORM: 153723 // PACKETSTORM: 153718 // CNNVD: CNNVD-201907-1196 // NVD: CVE-2019-8670

CREDITS

Apple,Tsubasa FUJII

Trust: 0.6

sources: CNNVD: CNNVD-201907-1196

SOURCES

db:	VULHUB	id:	VHN-160105
db:	BID	id:	109327
db:	JVNDB	id:	JVNDB-2019-006634
db:	PACKETSTORM	id:	153723
db:	PACKETSTORM	id:	153718
db:	CNNVD	id:	CNNVD-201907-1196
db:	NVD	id:	CVE-2019-8670

LAST UPDATE DATE

2024-11-23T20:56:31.340000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160105	date:	2019-12-19T00:00:00
db:	BID	id:	109327	date:	2019-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-006634	date:	2020-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201907-1196	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2019-8670	date:	2024-11-21T04:50:15.940

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160105	date:	2019-12-18T00:00:00
db:	BID	id:	109327	date:	2019-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-006634	date:	2019-07-24T00:00:00
db:	PACKETSTORM	id:	153723	date:	2019-07-23T18:02:22
db:	PACKETSTORM	id:	153718	date:	2019-07-23T10:32:22
db:	CNNVD	id:	CNNVD-201907-1196	date:	2019-07-22T00:00:00
db:	NVD	id:	CVE-2019-8670	date:	2019-12-18T18:15:32.443