CVE-2019-8789

Published: Dec 18, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.

Affected (3)

Products: Apple: Ipados, Iphone Os, Mac Os X

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 13.2
Apple Iphone Os	Before 13.2
Apple Mac Os X	Before 10.15.1

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (4)

https://support.apple.com/HT210721

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT210722

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT210721

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT210722

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.