CVE-2019-6214

Published: Mar 5, 2019Modified: Nov 21, 2024

8.6

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 6.0

Source: NVD

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.

Affected (4)

Products: Apple: Iphone Os, Mac Os X, Tv Os, Watchos

4 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 12.1.3
Apple Mac Os X	Before 10.14.3
Apple Tv Os	Before 12.1.2
Apple Watchos	Before 5.1.3

Related CWEs

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (12)

http://www.securityfocus.com/bid/106739

Source: product-security@apple.com

Third Party Advisory

https://support.apple.com/HT209443

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT209446

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT209447

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT209448

Source: product-security@apple.com

Vendor Advisory

https://www.exploit-db.com/exploits/46298/

Source: product-security@apple.com

ExploitThird Party Advisory

http://www.securityfocus.com/bid/106739