VARIoT IoT vulnerabilities database
| VAR-201903-0227 | CVE-2019-9744 | plural PHOENIX CONTACT FL NAT Session fixation vulnerability in products |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier. plural PHOENIX CONTACT FL NAT The product contains a session fixation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.
Attackers can exploit this issue to bypass certain security restrictions and perform certain unauthorized actions. This may aid in further attacks. Authorization issue vulnerabilities exist in several PHOENIX CONTACT products. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products
| VAR-201903-0002 | CVE-2010-5305 | plural Rockwell Controller access control vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services. plural Rockwell The controller contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Rockwell Automation PLC-5 is a programmable logic controller produced by Rockwell Automation in the United States. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
| VAR-201904-0121 | CVE-2019-9974 | DASAN H660RM GPON Authorization vulnerability in router firmware |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack. DASAN H660RM GPON There is an authorization vulnerability in the router firmware.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. DASAN H660RM is a GPON optical network terminal equipment produced by Korea DASAN Company. There is an authorization problem vulnerability in the diag_tool.cgi file in DASAN H660RM with firmware version 1.03-0022. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products
| VAR-201904-0123 | CVE-2019-9976 | DASAN H660RM Vulnerabilities related to certificate / password management in device firmware |
CVSS V2: 4.0 CVSS V3: 8.8 Severity: HIGH |
The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users. DASAN H660RM The device firmware contains a vulnerability related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DASAN H660RM is a GPON optical network terminal equipment produced by Korea DASAN Company. A trust management issue vulnerability exists in DASAN H660RM with firmware version 1.03-0022. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
| VAR-201904-0122 | CVE-2019-9975 | DASAN H660RM Vulnerabilities related to the use of hard-coded credentials in device firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key. DASAN H660RM is a GPON optical network terminal equipment produced by Korea DASAN Company. A trust management issue vulnerability exists in DASAN H660RM with firmware version 1.03-0022. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
| VAR-201903-0182 | CVE-2019-6542 | plural ENTTEC Vulnerability related to lack of certification for critical functions in the product |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition. ENTTEC Datagate MK2 , Storm 24 , Pixelator Is vulnerable to a lack of authentication for critical functions.Service operation interruption (DoS) There is a possibility of being put into a state. ENTTECDatagateMK2 and other products are products of Australian ENTTEC company. The ENTTECDatagateMK2 is a lighting controller. The ENTTECStorm24 is an Ethernet to DMX512 converter. The ENTTECPixelator is a pixel controller. ENTTEC Lighting Controllers are prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to reboot the affected device, denying service to legitimate users.
The following ENTTEC products and versions are affected:
Datagate MK2 all versions prior to 70044-update-05032019-482,
Storm 24 all versions prior to 70050-update-05032019-482, and
Pixelator all versions prior to 70060-update-05032019-482
| VAR-201906-1192 | CVE-2019-10009 | Titan FTP Server Path Traversal Vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory. TitanFTPServer is an FTP file transfer server. A directory traversal vulnerability exists in the TitanFTPServer2019build3505 release. An attacker could exploit this vulnerability to load arbitrary files
| VAR-201912-0822 | CVE-2019-6222 | apple's iOS Vulnerability in |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown. apple's iOS Exists in unspecified vulnerabilities.Information may be obtained. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of Apple's iOS versions prior to 12.2. An attacker could exploit this vulnerability to gain access to the speaker without being prompted to use the speaker. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-1 iOS 12.2
iOS 12.2 is now available and addresses the following:
CFString
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may authorize an enterprise administrator to remotely
wipe their device without appropriate disclosure
Description: This issue was addressed with improved transparency.
CVE-2019-8512: an anonymous researcher, an anonymous researcher
FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user's video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
GeoServices
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Clicking a malicious SMS link may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8553: an anonymous researcher
iAP
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted mail message may lead to
S/MIME signature spoofing
Description: This issue was addressed with improved checks.
CVE-2019-7284: Damian Poddebniak of Münster University of Applied
Sciences
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang
Power Management
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
Privacy
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious app may be able to track users between installs
Description: A privacy issue existed in motion sensor calibration.
CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the
University of Cambridge, Ian Sheret of Polymath Insight Limited
ReplayKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access the microphone
without indication to the user
Description: An API issue existed in the handling of microphone data.
CVE-2019-8566: an anonymous researcher
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A website may be able to access sensor information without
user consent
Description: A permissions issue existed in the handling of motion
and orientation data.
CVE-2019-8554: an anonymous researcher
Safari Reader
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6204: Ryan Pickren (ryanpickren.com)
CVE-2019-8505: Ryan Pickren (ryanpickren.com)
Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
TrueTypeScaler
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
Chaitin Security Research Lab
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A website may be able to access the microphone without the
microphone use indicator being shown
Description: A consistency issue was addressed with improved state
handling.
CVE-2019-6222: Denis Markov of Resonance Software
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API.
CVE-2019-8515: James Lee (@Windowsrcer)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2019-8567: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt
XPC
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Books
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Calendar
We would like to acknowledge Peter Hempsall of 104days.com, Sascha
Mogler of mogler.com, and an anonymous researcher for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Quick Look
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Screen Time
We would like to acknowledge Brandon Moore (@Brandonsecurity) for
their assistance.
WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7opHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GIIBAA
kEosQIr8/w6Qjtw2KzO753EFWM0kp4Ylv1Z0hlrAAX3YROpt18Xq+RWTgJ+3yhXu
136ZfBYEOJx+Jxv7nokB+ZvP1832WqccV1XU4XVxxsGvEshyFeXrIWxHz9a6aTi9
ozTTzJ5N9pZnd+ImJp51TQ8Q38KoqUPMU2stTr/SYE43S/9bz28fFTXHBS6WQBMz
fgevfhMV0Ty3QnuIpLeeCZ1SwC51a0yZ/BV88E+G8xgplgh2R8Mc2bZosP8JIjMx
7KdtpBh30+BvB++MzteQG0gE+aIs6p4CLPgzkm67UZApbKIlYJxkZXv/pIy+DdS1
LGwBwZ5TRJ73uAGZO7jtpx6FNN3sSthI84y5x7df+hretVSFTqsEAErcI4Ns8HiD
m3Jd3OJxMBEGC7SVz+r8IfkwnyQxurQMDj063ojsT6HBUOTZcYn6VX/h37MCwnO4
+GVFivjZklbp/lt7WiGs2j4mDs7jgt5SsNm0K3Nm/2EOT3I2HNc/8msJBbH/uF9h
dVYsC8+7uEDqHIQ30FO2NCUzJrtjWHA1rxLS0XnY1uvv/09LjPMc/Y1VuIuvKSuZ
Xv7+V5tCjaZRMow6IwH0qON30O0puRr6YnJchRO7TILCoW5bibzX5oxeJm2E6lsK
SjGjz4yWGw+2VFkNkFbbA8OKSZYk4ck2WdWgf6s0Vgc=
=VAWG
-----END PGP SIGNATURE-----=
| VAR-201912-0820 | CVE-2019-6204 | apple's Safari and iOS Cross-site scripting vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting. apple's Safari and iOS Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Both Apple Safari and Apple iOS are products of Apple Inc. in the United States. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Safari Reader is one of the reader components. A security vulnerability exists in the Safari Reader component in Apple iOS versions prior to 12.2 and Safari versions prior to 12.1. Attackers can use this vulnerability to inject arbitrary web scripts or HTML through malicious pages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-1 iOS 12.2
iOS 12.2 is now available and addresses the following:
CFString
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may authorize an enterprise administrator to remotely
wipe their device without appropriate disclosure
Description: This issue was addressed with improved transparency.
CVE-2019-8512: an anonymous researcher, an anonymous researcher
FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user's video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
GeoServices
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Clicking a malicious SMS link may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8553: an anonymous researcher
iAP
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted mail message may lead to
S/MIME signature spoofing
Description: This issue was addressed with improved checks.
CVE-2019-7284: Damian Poddebniak of Münster University of Applied
Sciences
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang
Power Management
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
Privacy
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious app may be able to track users between installs
Description: A privacy issue existed in motion sensor calibration.
CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the
University of Cambridge, Ian Sheret of Polymath Insight Limited
ReplayKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access the microphone
without indication to the user
Description: An API issue existed in the handling of microphone data.
CVE-2019-8566: an anonymous researcher
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A website may be able to access sensor information without
user consent
Description: A permissions issue existed in the handling of motion
and orientation data.
CVE-2019-6204: Ryan Pickren (ryanpickren.com)
CVE-2019-8505: Ryan Pickren (ryanpickren.com)
Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
TrueTypeScaler
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
Chaitin Security Research Lab
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A website may be able to access the microphone without the
microphone use indicator being shown
Description: A consistency issue was addressed with improved state
handling.
CVE-2019-6222: Denis Markov of Resonance Software
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API.
CVE-2019-8515: James Lee (@Windowsrcer)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2019-8567: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt
XPC
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Books
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Calendar
We would like to acknowledge Peter Hempsall of 104days.com, Sascha
Mogler of mogler.com, and an anonymous researcher for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Quick Look
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Screen Time
We would like to acknowledge Brandon Moore (@Brandonsecurity) for
their assistance.
WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7opHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GIIBAA
kEosQIr8/w6Qjtw2KzO753EFWM0kp4Ylv1Z0hlrAAX3YROpt18Xq+RWTgJ+3yhXu
136ZfBYEOJx+Jxv7nokB+ZvP1832WqccV1XU4XVxxsGvEshyFeXrIWxHz9a6aTi9
ozTTzJ5N9pZnd+ImJp51TQ8Q38KoqUPMU2stTr/SYE43S/9bz28fFTXHBS6WQBMz
fgevfhMV0Ty3QnuIpLeeCZ1SwC51a0yZ/BV88E+G8xgplgh2R8Mc2bZosP8JIjMx
7KdtpBh30+BvB++MzteQG0gE+aIs6p4CLPgzkm67UZApbKIlYJxkZXv/pIy+DdS1
LGwBwZ5TRJ73uAGZO7jtpx6FNN3sSthI84y5x7df+hretVSFTqsEAErcI4Ns8HiD
m3Jd3OJxMBEGC7SVz+r8IfkwnyQxurQMDj063ojsT6HBUOTZcYn6VX/h37MCwnO4
+GVFivjZklbp/lt7WiGs2j4mDs7jgt5SsNm0K3Nm/2EOT3I2HNc/8msJBbH/uF9h
dVYsC8+7uEDqHIQ30FO2NCUzJrtjWHA1rxLS0XnY1uvv/09LjPMc/Y1VuIuvKSuZ
Xv7+V5tCjaZRMow6IwH0qON30O0puRr6YnJchRO7TILCoW5bibzX5oxeJm2E6lsK
SjGjz4yWGw+2VFkNkFbbA8OKSZYk4ck2WdWgf6s0Vgc=
=VAWG
-----END PGP SIGNATURE-----=
.
Installation note:
Safari 12.1 may be obtained from the Mac App Store
| VAR-201912-0818 | CVE-2019-6239 | plural Apple Updates to product vulnerabilities |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Bom is one of the Byte Order Mark (Byte Order Mark) components. A security vulnerability exists in the Bom component in Apple macOS Mojave prior to 10.14.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update
2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra are now available and
addresses the following:
AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and
shrek_wzw of Qihoo 360 Nirvan Team
Bom
Available for: macOS Mojave 10.14.3
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file
metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm
CFString
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An encrypted volume may be unmounted and remounted by a
different user without prompting for the password
Description: A logic issue was addressed with improved state
management.
CVE-2019-8522: Colin Meginnis (@falc420)
FaceTime
Available for: macOS Mojave 10.14.3
Impact: A user's video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
Graphics Drivers
Available for: macOS Mojave 10.14.3
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin
(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend
Micro's Zero Day Initiative
iAP
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
IOGraphics
Available for: macOS Mojave 10.14.3
Impact: A Mac may not lock when disconnecting from an external
monitor
Description: A lock handling issue was addressed with improved lock
handling.
CVE-2019-8533: an anonymous researcher, James Eagan of Télécom
ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT
IOHIDFamily
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: Mounting a maliciously crafted NFS network share may lead to
arbitrary code execution with system privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8508: Dr. Silvio Cesare of InfoSect
Kernel
Available for: macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Messages
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang
Notes
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view a user's locked notes
Description: An access issue was addressed with improved memory
management.
CVE-2019-8537: Greg Walker (gregwalker.us)
PackageKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: Multiple issues in Perl
Description: Multiple issues in Perl were addressed in this update.
CVE-2018-12015: Jakub Wilk
CVE-2018-18311: Jayakrishna Menon
CVE-2018-18313: Eiichi Tsukata
Power Management
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
QuartzCore
Available for: macOS Mojave 10.14.3
Impact: Processing malicious data may lead to unexpected application
termination
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8507: Kai Lu or Fortinet's FortiGuard Labs
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8526: Linus Henze (pinauten.de)
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre
(NCSC)
Siri
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
Time Machine
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A local user may be able to execute arbitrary shell commands
Description: This issue was addressed with improved checks.
CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs
TrueTypeScaler
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
XPC
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Accounts
We would like to acknowledge Milan Stute of Secure Mobile Networking
Lab at Technische Universität Darmstadt for their assistance.
Books
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Mail
We would like to acknowledge Craig Young of Tripwire VERT and Hanno
Böck for their assistance.
Time Machine
We would like to acknowledge CodeColorist of Ant-Financial LightYear
Labs for their assistance.
Installation note:
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9
FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT
vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D
Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33
iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM
ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB
sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p
7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J
+9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7
OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0
zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS
1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk=
=QV0f
-----END PGP SIGNATURE-----
| VAR-201912-0821 | CVE-2019-6207 | plural Apple Updates to product vulnerabilities |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. An out-of-bounds read vulnerability exists in the Kernel component of Apple iOS versions prior to 12.2, tvOS versions prior to 12.2, and macOS Mojave versions prior to 10.14.4.
CVE-2019-8546: ChiYuan Chang
Passcode
Available for: Apple Watch Series 1 and later
Impact: A partially entered passcode may not clear when the device
goes to sleep
Description: An issue existed where partially entered passcodes may
not clear when the device went to sleep. This issue was addressed by
clearing the passcode when a locked device sleeps.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-1 iOS 12.2
iOS 12.2 is now available and addresses the following:
CFString
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may authorize an enterprise administrator to remotely
wipe their device without appropriate disclosure
Description: This issue was addressed with improved transparency.
CVE-2019-8512: an anonymous researcher, an anonymous researcher
FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user's video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
GeoServices
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Clicking a malicious SMS link may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8553: an anonymous researcher
iAP
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted mail message may lead to
S/MIME signature spoofing
Description: This issue was addressed with improved checks.
CVE-2019-7284: Damian Poddebniak of Münster University of Applied
Sciences
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang
Power Management
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
Privacy
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious app may be able to track users between installs
Description: A privacy issue existed in motion sensor calibration.
CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the
University of Cambridge, Ian Sheret of Polymath Insight Limited
ReplayKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access the microphone
without indication to the user
Description: An API issue existed in the handling of microphone data.
CVE-2019-8566: an anonymous researcher
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A website may be able to access sensor information without
user consent
Description: A permissions issue existed in the handling of motion
and orientation data.
CVE-2019-8554: an anonymous researcher
Safari Reader
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6204: Ryan Pickren (ryanpickren.com)
CVE-2019-8505: Ryan Pickren (ryanpickren.com)
Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
TrueTypeScaler
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
Chaitin Security Research Lab
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A website may be able to access the microphone without the
microphone use indicator being shown
Description: A consistency issue was addressed with improved state
handling.
CVE-2019-6222: Denis Markov of Resonance Software
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API.
CVE-2019-8515: James Lee (@Windowsrcer)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2019-8567: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt
XPC
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Books
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Calendar
We would like to acknowledge Peter Hempsall of 104days.com, Sascha
Mogler of mogler.com, and an anonymous researcher for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Quick Look
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Screen Time
We would like to acknowledge Brandon Moore (@Brandonsecurity) for
their assistance.
WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7opHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GIIBAA
kEosQIr8/w6Qjtw2KzO753EFWM0kp4Ylv1Z0hlrAAX3YROpt18Xq+RWTgJ+3yhXu
136ZfBYEOJx+Jxv7nokB+ZvP1832WqccV1XU4XVxxsGvEshyFeXrIWxHz9a6aTi9
ozTTzJ5N9pZnd+ImJp51TQ8Q38KoqUPMU2stTr/SYE43S/9bz28fFTXHBS6WQBMz
fgevfhMV0Ty3QnuIpLeeCZ1SwC51a0yZ/BV88E+G8xgplgh2R8Mc2bZosP8JIjMx
7KdtpBh30+BvB++MzteQG0gE+aIs6p4CLPgzkm67UZApbKIlYJxkZXv/pIy+DdS1
LGwBwZ5TRJ73uAGZO7jtpx6FNN3sSthI84y5x7df+hretVSFTqsEAErcI4Ns8HiD
m3Jd3OJxMBEGC7SVz+r8IfkwnyQxurQMDj063ojsT6HBUOTZcYn6VX/h37MCwnO4
+GVFivjZklbp/lt7WiGs2j4mDs7jgt5SsNm0K3Nm/2EOT3I2HNc/8msJBbH/uF9h
dVYsC8+7uEDqHIQ30FO2NCUzJrtjWHA1rxLS0XnY1uvv/09LjPMc/Y1VuIuvKSuZ
Xv7+V5tCjaZRMow6IwH0qON30O0puRr6YnJchRO7TILCoW5bibzX5oxeJm2E6lsK
SjGjz4yWGw+2VFkNkFbbA8OKSZYk4ck2WdWgf6s0Vgc=
=VAWG
-----END PGP SIGNATURE-----=
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update
2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra are now available and
addresses the following:
AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8533: an anonymous researcher, James Eagan of Télécom
ParisTech, R.
CVE-2019-8508: Dr.
CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: Multiple issues in Perl
Description: Multiple issues in Perl were addressed in this update
| VAR-201912-0816 | CVE-2019-6236 | plural Apple Updates to product vulnerabilities |
CVSS V2: 7.6 CVSS V3: 7.5 Severity: HIGH |
A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. The product supports storage of music, photos, App and contacts, etc. iCloud Installer is one of the iCloud installer components. A security vulnerability exists in the iCloud Installer component of Apple iCloud versions prior to 7.11 on Windows platforms. An attacker could exploit this vulnerability to execute arbitrary code. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-6 iCloud for Windows 7.11
iCloud for Windows 7.11 is now available and addresses the following:
CoreCrypto
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-6232: Stefan Kanthak (eskamation.de)
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API.
CVE-2019-8515: James Lee (@Windowsrcer)
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team
WebKit
Available for: Windows 7 and later
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6236: Stefan Kanthak (eskamation.de)
Additional recognition
Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.
Installation note:
iCloud for Windows 7.11 may be obtained from:
https://support.apple.com/HT204283
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7spHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FvIRAA
msR75UH21iTYcw51dCCfBKSvthsplmLy/4hXwdD975Qk23H6nPRH+0CDQf1E+y3C
KmWHZafHoUjfyu28MH5bJcYV9LZ2cTNZ+88f7EKNAH7Ox5MfzEyCO5EtA7Q9F/1W
HbMBS7HmWPTFPREI5HzNrilhvV6GvOkql/7Wsp9a6miOJ4QO7oHcLc1YZB9Vh25B
xiQJZeJ443DKfJKeWVOL3qVyL3xqGUB0rN3LFIWrFpybfuMyuNwle6lwQvcy0ulK
FBCmj1MNlsep0dQHdA/jaR3UYWcNBOTieAh7QTsdOsa+64cTrJtQOqhAtI7ffu3k
c+v84wO9URzosbXZEmQgw9lKDd8k+o2qy13QNULsIf0KKeNdhKwNq1EzvvDF0z/a
OMot5r1l1ufhKd9SHPJZ1ouXz5d5zx3hjGMMhCxINVKfa26ZEqlRW5ST/vtxwL0v
Q8SsfefyowWTimnt+Wl52ErwNgyS/ejTgGRzmrR1zlIVBk2eczwTlMd4bmHYMTHu
NHhIZl9CA6Amnb+YIWT55h/ghpj1P/HGdAcmMo844GfZGrHhG9vMjpvb7uP3+gsA
sxN5p3YK6FtH3w3LmpEX6e5D3xt1JV3GjfrwzI8HCDZ4B7BXW9oCTqYBO1fjlD+U
5JiM2QuX58lIYitvAxfgAoWjU79AAZ9omZS4Q4D+n3Q=
=0QP2
-----END PGP SIGNATURE-----=
| VAR-201912-0815 | CVE-2019-6232 | plural Apple Updates to product vulnerabilities |
CVSS V2: 7.6 CVSS V3: 7.5 Severity: HIGH |
A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple iCloud for Windows is a cloud service based on the Windows platform of Apple (Apple), which supports the storage of music, photos, Apps and contacts. An attacker could exploit this vulnerability to execute arbitrary code. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-6 iCloud for Windows 7.11
iCloud for Windows 7.11 is now available and addresses the following:
CoreCrypto
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-6232: Stefan Kanthak (eskamation.de)
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API.
CVE-2019-8515: James Lee (@Windowsrcer)
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team
WebKit
Available for: Windows 7 and later
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6236: Stefan Kanthak (eskamation.de)
Additional recognition
Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.
Installation note:
iCloud for Windows 7.11 may be obtained from:
https://support.apple.com/HT204283
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7spHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FvIRAA
msR75UH21iTYcw51dCCfBKSvthsplmLy/4hXwdD975Qk23H6nPRH+0CDQf1E+y3C
KmWHZafHoUjfyu28MH5bJcYV9LZ2cTNZ+88f7EKNAH7Ox5MfzEyCO5EtA7Q9F/1W
HbMBS7HmWPTFPREI5HzNrilhvV6GvOkql/7Wsp9a6miOJ4QO7oHcLc1YZB9Vh25B
xiQJZeJ443DKfJKeWVOL3qVyL3xqGUB0rN3LFIWrFpybfuMyuNwle6lwQvcy0ulK
FBCmj1MNlsep0dQHdA/jaR3UYWcNBOTieAh7QTsdOsa+64cTrJtQOqhAtI7ffu3k
c+v84wO9URzosbXZEmQgw9lKDd8k+o2qy13QNULsIf0KKeNdhKwNq1EzvvDF0z/a
OMot5r1l1ufhKd9SHPJZ1ouXz5d5zx3hjGMMhCxINVKfa26ZEqlRW5ST/vtxwL0v
Q8SsfefyowWTimnt+Wl52ErwNgyS/ejTgGRzmrR1zlIVBk2eczwTlMd4bmHYMTHu
NHhIZl9CA6Amnb+YIWT55h/ghpj1P/HGdAcmMo844GfZGrHhG9vMjpvb7uP3+gsA
sxN5p3YK6FtH3w3LmpEX6e5D3xt1JV3GjfrwzI8HCDZ4B7BXW9oCTqYBO1fjlD+U
5JiM2QuX58lIYitvAxfgAoWjU79AAZ9omZS4Q4D+n3Q=
=0QP2
-----END PGP SIGNATURE-----=
| VAR-201912-0819 | CVE-2019-6201 | Out-of-bounds write vulnerability in multiple Apple products |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. iCloud , iTunes , Safari Multiple Apple products have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A memory corruption vulnerability exists in the WebKit component of several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-1 iOS 12.2
iOS 12.2 is now available and addresses the following:
CFString
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may authorize an enterprise administrator to remotely
wipe their device without appropriate disclosure
Description: This issue was addressed with improved transparency.
CVE-2019-8512: an anonymous researcher, an anonymous researcher
FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user's video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
GeoServices
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Clicking a malicious SMS link may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8553: an anonymous researcher
iAP
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted mail message may lead to
S/MIME signature spoofing
Description: This issue was addressed with improved checks.
CVE-2019-7284: Damian Poddebniak of Münster University of Applied
Sciences
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang
Power Management
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
Privacy
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious app may be able to track users between installs
Description: A privacy issue existed in motion sensor calibration.
CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the
University of Cambridge, Ian Sheret of Polymath Insight Limited
ReplayKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access the microphone
without indication to the user
Description: An API issue existed in the handling of microphone data.
CVE-2019-8566: an anonymous researcher
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A website may be able to access sensor information without
user consent
Description: A permissions issue existed in the handling of motion
and orientation data.
CVE-2019-8554: an anonymous researcher
Safari Reader
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6204: Ryan Pickren (ryanpickren.com)
CVE-2019-8505: Ryan Pickren (ryanpickren.com)
Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
TrueTypeScaler
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
Chaitin Security Research Lab
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A website may be able to access the microphone without the
microphone use indicator being shown
Description: A consistency issue was addressed with improved state
handling.
CVE-2019-6222: Denis Markov of Resonance Software
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API.
CVE-2019-8515: James Lee (@Windowsrcer)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2019-8567: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt
XPC
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Books
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Calendar
We would like to acknowledge Peter Hempsall of 104days.com, Sascha
Mogler of mogler.com, and an anonymous researcher for their
assistance.
Quick Look
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Screen Time
We would like to acknowledge Brandon Moore (@Brandonsecurity) for
their assistance.
WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7opHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GIIBAA
kEosQIr8/w6Qjtw2KzO753EFWM0kp4Ylv1Z0hlrAAX3YROpt18Xq+RWTgJ+3yhXu
136ZfBYEOJx+Jxv7nokB+ZvP1832WqccV1XU4XVxxsGvEshyFeXrIWxHz9a6aTi9
ozTTzJ5N9pZnd+ImJp51TQ8Q38KoqUPMU2stTr/SYE43S/9bz28fFTXHBS6WQBMz
fgevfhMV0Ty3QnuIpLeeCZ1SwC51a0yZ/BV88E+G8xgplgh2R8Mc2bZosP8JIjMx
7KdtpBh30+BvB++MzteQG0gE+aIs6p4CLPgzkm67UZApbKIlYJxkZXv/pIy+DdS1
LGwBwZ5TRJ73uAGZO7jtpx6FNN3sSthI84y5x7df+hretVSFTqsEAErcI4Ns8HiD
m3Jd3OJxMBEGC7SVz+r8IfkwnyQxurQMDj063ojsT6HBUOTZcYn6VX/h37MCwnO4
+GVFivjZklbp/lt7WiGs2j4mDs7jgt5SsNm0K3Nm/2EOT3I2HNc/8msJBbH/uF9h
dVYsC8+7uEDqHIQ30FO2NCUzJrtjWHA1rxLS0XnY1uvv/09LjPMc/Y1VuIuvKSuZ
Xv7+V5tCjaZRMow6IwH0qON30O0puRr6YnJchRO7TILCoW5bibzX5oxeJm2E6lsK
SjGjz4yWGw+2VFkNkFbbA8OKSZYk4ck2WdWgf6s0Vgc=
=VAWG
-----END PGP SIGNATURE-----=
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201909-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: September 06, 2019
Bugs: #683234, #686216, #693122
ID: 201909-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.24.4 >= 2.24.4
Description
===========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.24.4"
References
==========
[ 1 ] CVE-2019-11070
https://nvd.nist.gov/vuln/detail/CVE-2019-11070
[ 2 ] CVE-2019-6201
https://nvd.nist.gov/vuln/detail/CVE-2019-6201
[ 3 ] CVE-2019-6251
https://nvd.nist.gov/vuln/detail/CVE-2019-6251
[ 4 ] CVE-2019-7285
https://nvd.nist.gov/vuln/detail/CVE-2019-7285
[ 5 ] CVE-2019-7292
https://nvd.nist.gov/vuln/detail/CVE-2019-7292
[ 6 ] CVE-2019-8503
https://nvd.nist.gov/vuln/detail/CVE-2019-8503
[ 7 ] CVE-2019-8506
https://nvd.nist.gov/vuln/detail/CVE-2019-8506
[ 8 ] CVE-2019-8515
https://nvd.nist.gov/vuln/detail/CVE-2019-8515
[ 9 ] CVE-2019-8518
https://nvd.nist.gov/vuln/detail/CVE-2019-8518
[ 10 ] CVE-2019-8523
https://nvd.nist.gov/vuln/detail/CVE-2019-8523
[ 11 ] CVE-2019-8524
https://nvd.nist.gov/vuln/detail/CVE-2019-8524
[ 12 ] CVE-2019-8535
https://nvd.nist.gov/vuln/detail/CVE-2019-8535
[ 13 ] CVE-2019-8536
https://nvd.nist.gov/vuln/detail/CVE-2019-8536
[ 14 ] CVE-2019-8544
https://nvd.nist.gov/vuln/detail/CVE-2019-8544
[ 15 ] CVE-2019-8551
https://nvd.nist.gov/vuln/detail/CVE-2019-8551
[ 16 ] CVE-2019-8558
https://nvd.nist.gov/vuln/detail/CVE-2019-8558
[ 17 ] CVE-2019-8559
https://nvd.nist.gov/vuln/detail/CVE-2019-8559
[ 18 ] CVE-2019-8563
https://nvd.nist.gov/vuln/detail/CVE-2019-8563
[ 19 ] CVE-2019-8595
https://nvd.nist.gov/vuln/detail/CVE-2019-8595
[ 20 ] CVE-2019-8607
https://nvd.nist.gov/vuln/detail/CVE-2019-8607
[ 21 ] CVE-2019-8615
https://nvd.nist.gov/vuln/detail/CVE-2019-8615
[ 22 ] CVE-2019-8644
https://nvd.nist.gov/vuln/detail/CVE-2019-8644
[ 23 ] CVE-2019-8644
https://nvd.nist.gov/vuln/detail/CVE-2019-8644
[ 24 ] CVE-2019-8649
https://nvd.nist.gov/vuln/detail/CVE-2019-8649
[ 25 ] CVE-2019-8649
https://nvd.nist.gov/vuln/detail/CVE-2019-8649
[ 26 ] CVE-2019-8658
https://nvd.nist.gov/vuln/detail/CVE-2019-8658
[ 27 ] CVE-2019-8658
https://nvd.nist.gov/vuln/detail/CVE-2019-8658
[ 28 ] CVE-2019-8666
https://nvd.nist.gov/vuln/detail/CVE-2019-8666
[ 29 ] CVE-2019-8666
https://nvd.nist.gov/vuln/detail/CVE-2019-8666
[ 30 ] CVE-2019-8669
https://nvd.nist.gov/vuln/detail/CVE-2019-8669
[ 31 ] CVE-2019-8669
https://nvd.nist.gov/vuln/detail/CVE-2019-8669
[ 32 ] CVE-2019-8671
https://nvd.nist.gov/vuln/detail/CVE-2019-8671
[ 33 ] CVE-2019-8671
https://nvd.nist.gov/vuln/detail/CVE-2019-8671
[ 34 ] CVE-2019-8672
https://nvd.nist.gov/vuln/detail/CVE-2019-8672
[ 35 ] CVE-2019-8672
https://nvd.nist.gov/vuln/detail/CVE-2019-8672
[ 36 ] CVE-2019-8673
https://nvd.nist.gov/vuln/detail/CVE-2019-8673
[ 37 ] CVE-2019-8673
https://nvd.nist.gov/vuln/detail/CVE-2019-8673
[ 38 ] CVE-2019-8676
https://nvd.nist.gov/vuln/detail/CVE-2019-8676
[ 39 ] CVE-2019-8676
https://nvd.nist.gov/vuln/detail/CVE-2019-8676
[ 40 ] CVE-2019-8677
https://nvd.nist.gov/vuln/detail/CVE-2019-8677
[ 41 ] CVE-2019-8677
https://nvd.nist.gov/vuln/detail/CVE-2019-8677
[ 42 ] CVE-2019-8678
https://nvd.nist.gov/vuln/detail/CVE-2019-8678
[ 43 ] CVE-2019-8678
https://nvd.nist.gov/vuln/detail/CVE-2019-8678
[ 44 ] CVE-2019-8679
https://nvd.nist.gov/vuln/detail/CVE-2019-8679
[ 45 ] CVE-2019-8679
https://nvd.nist.gov/vuln/detail/CVE-2019-8679
[ 46 ] CVE-2019-8680
https://nvd.nist.gov/vuln/detail/CVE-2019-8680
[ 47 ] CVE-2019-8680
https://nvd.nist.gov/vuln/detail/CVE-2019-8680
[ 48 ] CVE-2019-8681
https://nvd.nist.gov/vuln/detail/CVE-2019-8681
[ 49 ] CVE-2019-8681
https://nvd.nist.gov/vuln/detail/CVE-2019-8681
[ 50 ] CVE-2019-8683
https://nvd.nist.gov/vuln/detail/CVE-2019-8683
[ 51 ] CVE-2019-8683
https://nvd.nist.gov/vuln/detail/CVE-2019-8683
[ 52 ] CVE-2019-8684
https://nvd.nist.gov/vuln/detail/CVE-2019-8684
[ 53 ] CVE-2019-8684
https://nvd.nist.gov/vuln/detail/CVE-2019-8684
[ 54 ] CVE-2019-8686
https://nvd.nist.gov/vuln/detail/CVE-2019-8686
[ 55 ] CVE-2019-8686
https://nvd.nist.gov/vuln/detail/CVE-2019-8686
[ 56 ] CVE-2019-8687
https://nvd.nist.gov/vuln/detail/CVE-2019-8687
[ 57 ] CVE-2019-8687
https://nvd.nist.gov/vuln/detail/CVE-2019-8687
[ 58 ] CVE-2019-8688
https://nvd.nist.gov/vuln/detail/CVE-2019-8688
[ 59 ] CVE-2019-8688
https://nvd.nist.gov/vuln/detail/CVE-2019-8688
[ 60 ] CVE-2019-8689
https://nvd.nist.gov/vuln/detail/CVE-2019-8689
[ 61 ] CVE-2019-8689
https://nvd.nist.gov/vuln/detail/CVE-2019-8689
[ 62 ] CVE-2019-8690
https://nvd.nist.gov/vuln/detail/CVE-2019-8690
[ 63 ] CVE-2019-8690
https://nvd.nist.gov/vuln/detail/CVE-2019-8690
[ 64 ] WSA-2019-0002
https://webkitgtk.org/security/WSA-2019-0002.html
[ 65 ] WSA-2019-0004
https://webkitgtk.org/security/WSA-2019-0004.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201909-05
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)
Windows Installer
Available for: Windows 7 and later
Impact: Running the iCloud installer in an untrusted directory may
result in arbitrary code execution
Description: A race condition existed during the installation of
iCloud for Windows.
Installation note:
Safari 12.1 may be obtained from the Mac App Store. ------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002
------------------------------------------------------------------------
Date reported : April 10, 2019
Advisory ID : WSA-2019-0002
WebKitGTK Advisory URL :
https://webkitgtk.org/security/WSA-2019-0002.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2019-0002.html
CVE identifiers : CVE-2019-6201, CVE-2019-6251, CVE-2019-7285,
CVE-2019-7292, CVE-2019-8503, CVE-2019-8506,
CVE-2019-8515, CVE-2019-8518, CVE-2019-8523,
CVE-2019-8524, CVE-2019-8535, CVE-2019-8536,
CVE-2019-8544, CVE-2019-8551, CVE-2019-8558,
CVE-2019-8559, CVE-2019-8563, CVE-2019-11070.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
CVE-2019-6201
Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before
2.22.4.
Credit to dwfault working with ADLab of Venustech.
CVE-2019-6251
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Dhiraj.
WebKitGTK and WPE WebKit were vulnerable to a URI spoofing attack
similar to the CVE-2018-8383 issue in Microsoft Edge.
CVE-2019-7285
Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before
2.22.4.
Credit to dwfault working at ADLab of Venustech.
CVE-2019-7292
Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before
2.22.4.
Credit to Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team.
CVE-2019-8503
Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before
2.22.4.
Credit to Linus S\xe4rud of Detectify.
A malicious website may be able to execute scripts in the context of
another website.
CVE-2019-8506
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Samuel Gro\xdf of Google Project Zero.
CVE-2019-8515
Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before
2.22.4.
Credit to James Lee, @Windowsrcer. A cross-origin issue existed with the fetch API.
This was addressed with improved input validation.
CVE-2019-8518
Versions affected: WebKitGTK before 2.22.7 and WPE WebKit before
2.22.5.
Credit to Samuel Gro\xdf of Google Project Zero.
CVE-2019-8523
Versions affected: WebKitGTK before 2.22.7 and WPE WebKit before
2.22.5.
Credit to Apple.
CVE-2019-8524
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to G. Geshev working with Trend Micro Zero Day Initiative.
CVE-2019-8535
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Zhiyang Zeng, @Wester, of Tencent Blade Team.
CVE-2019-8536
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Apple.
CVE-2019-8544
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to an anonymous researcher.
CVE-2019-8551
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Ryan Pickren, ryanpickren.com.
CVE-2019-8558
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Samuel Gro\xdf of Google Project Zero.
CVE-2019-8559
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Apple.
CVE-2019-8563
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Apple.
CVE-2019-11070
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Igalia.
WebKitGTK and WPE WebKit failed to properly apply configured HTTP
proxy settings when downloading livestream video (HLS, DASH, or
Smooth Streaming), an error resulting in deanonymization. This issue
was corrected by changing the way livestreams are downloaded.
We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.
Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.
The WebKitGTK and WPE WebKit team,
April 10, 2019
| VAR-201912-0555 | CVE-2019-8541 | apple's iOS and watchOS Vulnerability in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs. apple's iOS and watchOS Exists in unspecified vulnerabilities.Information may be obtained. Both Apple iOS and Apple watchOS are products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices. Privacy is one of the privacy information components. A security vulnerability exists in the Privacy component of Apple iOS versions prior to 12.2 and Apple watchOS versions prior to 5.2. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-27-1 watchOS 5.2
watchOS 5.2 is now available and addresses the following:
CFString
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
file
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
Foundation
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google
Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel
Groß of Google Project Zero
GeoServices
Available for: Apple Watch Series 1 and later
Impact: Clicking a malicious SMS link may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8553: an anonymous researcher
iAP
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
IOHIDFamily
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
Kernel
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Messages
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang
Passcode
Available for: Apple Watch Series 1 and later
Impact: A partially entered passcode may not clear when the device
goes to sleep
Description: An issue existed where partially entered passcodes may
not clear when the device went to sleep. This issue was addressed by
clearing the passcode when a locked device sleeps.
CVE-2019-8548: Tobias Sachs
Power Management
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
Privacy
Available for: Apple Watch Series 1 and later
Impact: A malicious app may be able to track users between installs
Description: A privacy issue existed in motion sensor calibration.
CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the
University of Cambridge, Ian Sheret of Polymath Insight Limited
Siri
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
TrueTypeScaler
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team
Additional recognition
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7cpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GugRAA
tKuWyrX6EQy9jaNducv7s/nxmsgrUl5zrnNCCO2WKnNIHT8v+iRWFHZi+w1lTRW4
2rUTCVibxMSJLazyhPoU4Ngaor6MoABfzVJvSAMD1EeP2kAmk1Qg4vEAzuhlGcpF
zbq6OWxlGGU5YQHak2bhUEeaS1/EgSfdT7xVr+Iczh6f/6vDKluKc3yRKQODU8ZP
wA4S25wH5hXVjOeiit/6ZMj8NgBf0V8qbms4kWSoen+dFzoc2HhP9SJrViO57y+b
D1AHEJgPQIP/RB7jjskK6aOPQ3v3FaXSRnBn+Cyig9Ost+rVkOeARp72rCobyNBR
uCtUeEX09oyErlmVyR3Zg0mBSMkvPqK1CvBfWBb5SrZ05i6/OuYCCYnaStdRzcmM
e/7GI30HYjDbVtLhxCJO66pvtGpJluzmVkotg2IKefMC7zoruSEZilCBRdcS9pAZ
v0D9ioTw4cZ2RXpeCNNK4hjpSygWJdgdz7SlO2KuTHwuVWXXRiETJwG0IB8B8GJj
yHPZYu8HKkEA1dPBeOdbGuj9H/XbyCO4bWkPSAWQIW0IUsCwNmUp11oLGWb8pcFO
ypLKrlLr/JkDJpL5aVryYZSlzqwi1mBo8r22wjEtKLlFrCln3gecNcny4ykURluo
Pbnmdta0YH4vutI0PA/m+xA/Y4eMzRRRUlCNqZZHAGI=
=zRUq
-----END PGP SIGNATURE-----
| VAR-201912-0553 | CVE-2019-8537 | plural Apple Updates to product vulnerabilities |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to view a user’s locked notes. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. An information disclosure vulnerability exists in the Notes component of Apple macOS Mojave prior to 10.14.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update
2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra are now available and
addresses the following:
AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and
shrek_wzw of Qihoo 360 Nirvan Team
Bom
Available for: macOS Mojave 10.14.3
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file
metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm
CFString
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An encrypted volume may be unmounted and remounted by a
different user without prompting for the password
Description: A logic issue was addressed with improved state
management.
CVE-2019-8522: Colin Meginnis (@falc420)
FaceTime
Available for: macOS Mojave 10.14.3
Impact: A user's video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
Graphics Drivers
Available for: macOS Mojave 10.14.3
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin
(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend
Micro's Zero Day Initiative
iAP
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
IOGraphics
Available for: macOS Mojave 10.14.3
Impact: A Mac may not lock when disconnecting from an external
monitor
Description: A lock handling issue was addressed with improved lock
handling.
CVE-2019-8533: an anonymous researcher, James Eagan of Télécom
ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT
IOHIDFamily
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: Mounting a maliciously crafted NFS network share may lead to
arbitrary code execution with system privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8508: Dr. Silvio Cesare of InfoSect
Kernel
Available for: macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Messages
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8537: Greg Walker (gregwalker.us)
PackageKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: Multiple issues in Perl
Description: Multiple issues in Perl were addressed in this update.
CVE-2018-12015: Jakub Wilk
CVE-2018-18311: Jayakrishna Menon
CVE-2018-18313: Eiichi Tsukata
Power Management
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
QuartzCore
Available for: macOS Mojave 10.14.3
Impact: Processing malicious data may lead to unexpected application
termination
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8507: Kai Lu or Fortinet's FortiGuard Labs
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8526: Linus Henze (pinauten.de)
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre
(NCSC)
Siri
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
Time Machine
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A local user may be able to execute arbitrary shell commands
Description: This issue was addressed with improved checks.
CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs
TrueTypeScaler
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
XPC
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Accounts
We would like to acknowledge Milan Stute of Secure Mobile Networking
Lab at Technische Universität Darmstadt for their assistance.
Books
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Mail
We would like to acknowledge Craig Young of Tripwire VERT and Hanno
Böck for their assistance.
Time Machine
We would like to acknowledge CodeColorist of Ant-Financial LightYear
Labs for their assistance.
Installation note:
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9
FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT
vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D
Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33
iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM
ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB
sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p
7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J
+9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7
OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0
zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS
1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk=
=QV0f
-----END PGP SIGNATURE-----
| VAR-201912-0556 | CVE-2019-8542 | Classic buffer overflow vulnerability in multiple Apple products |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious application may be able to elevate privileges. iCloud , iTunes , iOS Classic buffer overflow vulnerabilities exist in multiple Apple products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Buffer overflow vulnerabilities exist in the iAP and CoreCrypto components in several Apple products. The following products and versions are affected: Apple iOS prior to 12.2; tvOS prior to 12.2; macOS Mojave prior to 10.14.4; Windows-based iTunes prior to 12.9.4; Windows-based iCloud prior to 7.11.
CVE-2019-8546: ChiYuan Chang
Passcode
Available for: Apple Watch Series 1 and later
Impact: A partially entered passcode may not clear when the device
goes to sleep
Description: An issue existed where partially entered passcodes may
not clear when the device went to sleep. This issue was addressed by
clearing the passcode when a locked device sleeps.
CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-3 tvOS 12.2
tvOS 12.2 is now available and addresses the following:
CFString
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
CoreCrypto
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
file
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
Foundation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google
Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel
Groß of Google Project Zero
GeoServices
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Clicking a malicious SMS link may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8553: an anonymous researcher
iAP
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
IOHIDFamily
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Power Management
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
Siri
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
TrueTypeScaler
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
Chaitin Security Research Lab
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API.
CVE-2019-8515: James Lee (@Windowsrcer)
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team
XPC
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7gpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EWyBAA
nFUeN7oBBPCdezabzgIAh29Mk1K+tgNeH0BIkyyPuoqeYd5UQK9cwZJ7Ww9J7uqB
nAH30awuCq8r8h3oLLOn8X9A/ORNxFKUZRF+8AbH00G0taATIFjseSwGwGz5/rG7
aPoi/Mh4ilWh8luQJVvPO7KTHTeJLSsiBOuvqUmDaJVxu1y10inVW3j1s8RtrOVt
BR+PZq7/BQ9wsSPxRS2bTQp3BX3m3aleadnZ9HkeXVB/9O8c5TrG6HIgfBNYMJFY
mGpQoCM1nCh8jaWmoO1gjP7B0W2DKPhE6jFmCtuRsmnOG3ROhGbXi6T6AOOI9EX3
233FgygUVZgs7t4dhz0UZ1EczQiQ4dL0YYL7J/LYMjaM31qul2cdJWTPb9ZFARFt
PHeyU1uHcJ2j67kGt1qepETUfWNa4W/RD3wUmKJdKBED65xOuwv9ijnEcAhzwh4F
q6UefOTf1PwszuzWpAi7rCyOWq3TqDF+r6som9j5q15fMPx+TakBA6/TKViWLRw1
ydoi3g2OkKpvgapzBdVAm9Rtcvr4B0uXtLUXL7heB6TP12UheSum817QQiLs4aqV
9syBL5XpFOJUdQPD0SMIzuhvaN2dugH2wc1BDeiv5H8nYvMx6oiebJN8CgJ3uo8Y
iJBethq6bdDVq8EfYN6vHCjH7bTFtcaCVgXWq5KJYp8=
=8uDf
-----END PGP SIGNATURE-----=
| VAR-201912-0550 | CVE-2019-8533 | plural Apple Updates to product vulnerabilities |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A lock handling issue was addressed with improved lock handling. This issue is fixed in macOS Mojave 10.14.4. A Mac may not lock when disconnecting from an external monitor. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. IOGraphics is one of the input and output graphics components. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update
2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra are now available and
addresses the following:
AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and
shrek_wzw of Qihoo 360 Nirvan Team
Bom
Available for: macOS Mojave 10.14.3
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file
metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm
CFString
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An encrypted volume may be unmounted and remounted by a
different user without prompting for the password
Description: A logic issue was addressed with improved state
management.
CVE-2019-8522: Colin Meginnis (@falc420)
FaceTime
Available for: macOS Mojave 10.14.3
Impact: A user's video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
Graphics Drivers
Available for: macOS Mojave 10.14.3
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin
(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend
Micro's Zero Day Initiative
iAP
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8533: an anonymous researcher, James Eagan of Télécom
ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT
IOHIDFamily
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: Mounting a maliciously crafted NFS network share may lead to
arbitrary code execution with system privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8508: Dr. Silvio Cesare of InfoSect
Kernel
Available for: macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Messages
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang
Notes
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view a user's locked notes
Description: An access issue was addressed with improved memory
management.
CVE-2019-8537: Greg Walker (gregwalker.us)
PackageKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: Multiple issues in Perl
Description: Multiple issues in Perl were addressed in this update.
CVE-2018-12015: Jakub Wilk
CVE-2018-18311: Jayakrishna Menon
CVE-2018-18313: Eiichi Tsukata
Power Management
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
QuartzCore
Available for: macOS Mojave 10.14.3
Impact: Processing malicious data may lead to unexpected application
termination
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8507: Kai Lu or Fortinet's FortiGuard Labs
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8526: Linus Henze (pinauten.de)
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre
(NCSC)
Siri
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
Time Machine
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A local user may be able to execute arbitrary shell commands
Description: This issue was addressed with improved checks.
CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs
TrueTypeScaler
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
XPC
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Accounts
We would like to acknowledge Milan Stute of Secure Mobile Networking
Lab at Technische Universität Darmstadt for their assistance.
Books
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Mail
We would like to acknowledge Craig Young of Tripwire VERT and Hanno
Böck for their assistance.
Time Machine
We would like to acknowledge CodeColorist of Ant-Financial LightYear
Labs for their assistance.
Installation note:
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9
FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT
vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D
Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33
iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM
ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB
sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p
7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J
+9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7
OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0
zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS
1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk=
=QV0f
-----END PGP SIGNATURE-----
| VAR-201912-0554 | CVE-2019-8540 | Initialization vulnerability in multiple Apple products |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout. iOS , Apple Mac OS X , tvOS A number of Apple products have vulnerabilities related to initialization.Information may be obtained. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Kernel is one of the kernels. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Security vulnerabilities exist in the Kernel component of Apple iOS versions prior to 12.2, tvOS versions prior to 12.2, and macOS Mojave versions prior to 10.14.4.
CVE-2019-8546: ChiYuan Chang
Passcode
Available for: Apple Watch Series 1 and later
Impact: A partially entered passcode may not clear when the device
goes to sleep
Description: An issue existed where partially entered passcodes may
not clear when the device went to sleep. This issue was addressed by
clearing the passcode when a locked device sleeps.
CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update
2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra are now available and
addresses the following:
AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and
shrek_wzw of Qihoo 360 Nirvan Team
Bom
Available for: macOS Mojave 10.14.3
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file
metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm
CFString
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An encrypted volume may be unmounted and remounted by a
different user without prompting for the password
Description: A logic issue was addressed with improved state
management.
CVE-2019-8522: Colin Meginnis (@falc420)
FaceTime
Available for: macOS Mojave 10.14.3
Impact: A user's video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
Graphics Drivers
Available for: macOS Mojave 10.14.3
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin
(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend
Micro's Zero Day Initiative
iAP
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
IOGraphics
Available for: macOS Mojave 10.14.3
Impact: A Mac may not lock when disconnecting from an external
monitor
Description: A lock handling issue was addressed with improved lock
handling.
CVE-2019-8533: an anonymous researcher, James Eagan of Télécom
ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT
IOHIDFamily
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: Mounting a maliciously crafted NFS network share may lead to
arbitrary code execution with system privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8508: Dr. Silvio Cesare of InfoSect
Kernel
Available for: macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Messages
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang
Notes
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view a user's locked notes
Description: An access issue was addressed with improved memory
management.
CVE-2019-8537: Greg Walker (gregwalker.us)
PackageKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: Multiple issues in Perl
Description: Multiple issues in Perl were addressed in this update.
CVE-2018-12015: Jakub Wilk
CVE-2018-18311: Jayakrishna Menon
CVE-2018-18313: Eiichi Tsukata
Power Management
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
QuartzCore
Available for: macOS Mojave 10.14.3
Impact: Processing malicious data may lead to unexpected application
termination
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8507: Kai Lu or Fortinet's FortiGuard Labs
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8526: Linus Henze (pinauten.de)
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre
(NCSC)
Siri
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
Time Machine
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A local user may be able to execute arbitrary shell commands
Description: This issue was addressed with improved checks.
CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs
TrueTypeScaler
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
XPC
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Accounts
We would like to acknowledge Milan Stute of Secure Mobile Networking
Lab at Technische Universität Darmstadt for their assistance.
Books
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Mail
We would like to acknowledge Craig Young of Tripwire VERT and Hanno
Böck for their assistance.
Time Machine
We would like to acknowledge CodeColorist of Ant-Financial LightYear
Labs for their assistance.
Installation note:
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9
FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT
vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D
Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33
iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM
ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB
sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p
7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J
+9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7
OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0
zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS
1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk=
=QV0f
-----END PGP SIGNATURE-----
.
Installation note:
Apple TV will periodically check for software updates
| VAR-201912-0548 | CVE-2019-8529 | apple's iOS and Apple Mac OS X Out-of-bounds write vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. An application may be able to execute arbitrary code with kernel privileges. apple's iOS and Apple Mac OS X Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the SCSITaskUserClient module. The issue triggers a write past the end of an allocated data structure. in the United States. Apple iOS is an operating system developed for mobile devices. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A security vulnerability exists in the IOKit SCSI component in Apple iOS versions prior to 12.2 and macOS Mojave versions prior to 10.14.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-1 iOS 12.2
iOS 12.2 is now available and addresses the following:
CFString
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may authorize an enterprise administrator to remotely
wipe their device without appropriate disclosure
Description: This issue was addressed with improved transparency.
CVE-2019-8512: an anonymous researcher, an anonymous researcher
FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user's video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
GeoServices
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Clicking a malicious SMS link may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8553: an anonymous researcher
iAP
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted mail message may lead to
S/MIME signature spoofing
Description: This issue was addressed with improved checks.
CVE-2019-7284: Damian Poddebniak of Münster University of Applied
Sciences
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang
Power Management
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
Privacy
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious app may be able to track users between installs
Description: A privacy issue existed in motion sensor calibration.
CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the
University of Cambridge, Ian Sheret of Polymath Insight Limited
ReplayKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access the microphone
without indication to the user
Description: An API issue existed in the handling of microphone data.
CVE-2019-8566: an anonymous researcher
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A website may be able to access sensor information without
user consent
Description: A permissions issue existed in the handling of motion
and orientation data.
CVE-2019-8554: an anonymous researcher
Safari Reader
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6204: Ryan Pickren (ryanpickren.com)
CVE-2019-8505: Ryan Pickren (ryanpickren.com)
Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
TrueTypeScaler
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
Chaitin Security Research Lab
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A website may be able to access the microphone without the
microphone use indicator being shown
Description: A consistency issue was addressed with improved state
handling.
CVE-2019-6222: Denis Markov of Resonance Software
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API.
CVE-2019-8515: James Lee (@Windowsrcer)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2019-8567: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt
XPC
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Books
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Calendar
We would like to acknowledge Peter Hempsall of 104days.com, Sascha
Mogler of mogler.com, and an anonymous researcher for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Quick Look
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Screen Time
We would like to acknowledge Brandon Moore (@Brandonsecurity) for
their assistance.
WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7opHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GIIBAA
kEosQIr8/w6Qjtw2KzO753EFWM0kp4Ylv1Z0hlrAAX3YROpt18Xq+RWTgJ+3yhXu
136ZfBYEOJx+Jxv7nokB+ZvP1832WqccV1XU4XVxxsGvEshyFeXrIWxHz9a6aTi9
ozTTzJ5N9pZnd+ImJp51TQ8Q38KoqUPMU2stTr/SYE43S/9bz28fFTXHBS6WQBMz
fgevfhMV0Ty3QnuIpLeeCZ1SwC51a0yZ/BV88E+G8xgplgh2R8Mc2bZosP8JIjMx
7KdtpBh30+BvB++MzteQG0gE+aIs6p4CLPgzkm67UZApbKIlYJxkZXv/pIy+DdS1
LGwBwZ5TRJ73uAGZO7jtpx6FNN3sSthI84y5x7df+hretVSFTqsEAErcI4Ns8HiD
m3Jd3OJxMBEGC7SVz+r8IfkwnyQxurQMDj063ojsT6HBUOTZcYn6VX/h37MCwnO4
+GVFivjZklbp/lt7WiGs2j4mDs7jgt5SsNm0K3Nm/2EOT3I2HNc/8msJBbH/uF9h
dVYsC8+7uEDqHIQ30FO2NCUzJrtjWHA1rxLS0XnY1uvv/09LjPMc/Y1VuIuvKSuZ
Xv7+V5tCjaZRMow6IwH0qON30O0puRr6YnJchRO7TILCoW5bibzX5oxeJm2E6lsK
SjGjz4yWGw+2VFkNkFbbA8OKSZYk4ck2WdWgf6s0Vgc=
=VAWG
-----END PGP SIGNATURE-----=
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update
2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra are now available and
addresses the following:
AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8533: an anonymous researcher, James Eagan of Télécom
ParisTech, R.
CVE-2019-8508: Dr.
CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: Multiple issues in Perl
Description: Multiple issues in Perl were addressed in this update