CVE-2019-8562

Published: Dec 18, 2019Modified: Nov 21, 2024

9.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 6.0

Source: NVD

Description

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.

Affected (4)

Products: Apple: Iphone Os, Itunes, Safari, Tvos

4 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 12.2
Apple Itunes	Before 12.9.4
Apple Safari	Before 12.1
Apple Tvos	Before 12.2

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

https://support.apple.com/HT209599

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT209601

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT209603

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT209604

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT209599

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT209601

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT209603

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT209604

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.