Details of VAR-201904-1331

ID

VAR-201904-1331

CVE

CVE-2018-4456

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-010217

DESCRIPTION

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14. macOS High Sierra and macOS Mojave Has a memory corruption vulnerability due to a lack of input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. Intel HD Graphics 5000 is prone to multiple local privilege-escalation vulnerabilities. An attacker may exploit these issues to execute arbitrary code with kernel privileges. in the United States. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Intel Graphics Driver is one of the integrated graphics drivers. An attacker could exploit this vulnerability to cause memory corruption. CVE-2019-8603: Phoenhex and qwerty (@_niklasb, @qwertyoruiopz, @bkth_) working with Trend Micro's Zero Day Initiative AMD Available for: macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8635: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team working with Trend Micro's Zero Day Initiative Application Firewall Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved restrictions. CVE-2019-8590: The UK's National Cyber Security Centre (NCSC) CoreAudio Available for: macOS Sierra 10.12.6 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved error handling. CVE-2019-8592: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative CoreAudio Available for: macOS Mojave 10.14.4 Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative DesktopServices Available for: macOS Mojave 10.14.4 Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2019-8589: Andreas Clementi, Stefan Haselwanter, and Peter Stelzhammer of AV-Comparatives Disk Images Available for: macOS Sierra 10.12.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Disk Images Available for: macOS Mojave 10.14.4 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University EFI Available for: macOS Mojave 10.14.4 Impact: A user may be unexpectedly logged in to another user's account Description: An authentication issue was addressed with improved state management. CVE-2019-8634: Jenny Sprenger and Maik Hoepfel Intel Graphics Driver Available for: macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8616: Lilang Wu and Moony Li of Trend Micro Mobile Security Research Team working with Trend Micro's Zero Day Initiative Intel Graphics Driver Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8629: Arash Tohidi of Solita Oy IOAcceleratorFamily Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4456: Tyler Bohan of Cisco Talos IOKit Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: A local user may be able to load unsigned kernel extensions Description: A validation issue existed in the handling of symlinks. CVE-2019-8606: Phoenhex and qwerty (@_niklasb, @qwertyoruiopz, @bkth_) working with Trend Micro's Zero Day Initiative Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: macOS Mojave 10.14.4 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Security Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8604: Fluoroacetate working with Trend Micro's Zero Day Initiative SQLite Available for: macOS Mojave 10.14.4 Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: macOS Mojave 10.14.4 Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: macOS Mojave 10.14.4 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research StreamingZip Available for: macOS Mojave 10.14.4 Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo) Touch Bar Support Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8569: Viktor Oreshkin (@stek29) WebKit Available for: macOS Mojave 10.14.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab WebKit Available for: macOS Mojave 10.14.4 Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team Additional recognition CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance. Kernel We would like to acknowledge an anonymous researcher for their assistance. PackageKit We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance. Safari We would like to acknowledge Michael Ball of Gradescope by Turnitin for their assistance. System Preferences We would like to acknowledge an anonymous researcher for their assistance. Installation note: macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZsi4pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GJyhAA ipwQq4CCFG5VTwffHlYFo1WoFhj3LPVex/1v/atmSZvo1GA1C7OMRtjjY4W/66Dn scduO8amThzjp/oSbHaUMSgskpXNqBRLjKZQ02ErfWNhw3laVgPkd0dRqUGNTsa1 WLb6w0cHIozbEl17azkJs5SUojNjRm0+M/GgRMgFbZxbPJMTFpZRH0iKuUCT8cYg 3awkFYqSTWR0UYSIE+gb4VWVjvX5xUrpD6RdEX19cZr6FYT6cv63pGQtBdLTkp/L w5g3X1q4lv5aVqRetUzaOba16M319KAT9MRHBgM7XkFK+5Vdhtj70LUoutxTlPfK c1We70jxAd1BR+WzlxzvxzrWLjxHczSyBVqOOJpS0C99synNCAaTUVoiyQDh3M0k Qlpb4N3rtrVQAFF8rTkeI93wS3qdYPfCWt/Co20EQ5FaWG/+CZTmjbGq61TB1gJq KUymGfplPG1YJbu9UnjLyPF/ICMj8MkMGkSSMIwkG51rhlvJF7pa+fFNGuKt2jnh FTD/fHwWeTcqBq1/9NVPsvdbWk5o2e2xEDYG4EfcWDfSsbsW1g7WsO2LMaDB8EHg Hcy7GCbFYbsDTqVXERUXi6GDusM2UWLyXFqi5Cael1gCCXcPfM9/tn/vfJWxuId4 QvYyi/HZU0Ra1zsp6/2wNvPA+Uw+vGlLhSWgjCxvfLk= =934G -----END PGP SIGNATURE-----

Trust: 3.6

sources: NVD: CVE-2018-4456 // JVNDB: JVNDB-2018-010217 // JVNDB: JVNDB-2018-014858 // JVNDB: JVNDB-2018-007762 // BID: 106779 // VULHUB: VHN-134487 // VULMON: CVE-2018-4456 // PACKETSTORM: 152845

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.6	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.9 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1.1 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.2 for windows earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2018-003 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.2 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2018-006 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.2 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.1.1 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.1.2 earlier	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14 earlier	Trust: 0.8
vendor:	intel	model:	hd graphics	scope:	eq	version:	50000	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.13.4	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.14.2	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.14	Trust: 0.3

sources: BID: 106779 // JVNDB: JVNDB-2018-010217 // JVNDB: JVNDB-2018-014858 // JVNDB: JVNDB-2018-007762 // NVD: CVE-2018-4456

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4456
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4456
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201904-147
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134487
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-4456
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4456
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134487
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4456
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134487 // VULMON: CVE-2018-4456 // JVNDB: JVNDB-2018-014858 // CNNVD: CNNVD-201904-147 // NVD: CVE-2018-4456

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134487 // JVNDB: JVNDB-2018-014858 // NVD: CVE-2018-4456

THREAT TYPE

local

Trust: 0.9

sources: BID: 106779 // CNNVD: CNNVD-201904-147

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-147

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010217

PATCH

title:	About the security content of macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra	url:	https://support.apple.com/en-us/HT209341	Trust: 1.6
title:	HT209139	url:	https://support.apple.com/en-us/HT209139	Trust: 1.6
title:	About the security content of tvOS 12.1.1	url:	https://support.apple.com/en-us/HT209342	Trust: 0.8
title:	About the security content of watchOS 5.1.2	url:	https://support.apple.com/ja-jp/HT209343	Trust: 0.8
title:	About the security content of Safari 12.0.2	url:	https://support.apple.com/en-us/HT209344	Trust: 0.8
title:	About the security content of iCloud for Windows 7.9	url:	https://support.apple.com/en-us/HT209346	Trust: 0.8
title:	About the security content of iOS 12.1.1	url:	https://support.apple.com/en-us/HT209340	Trust: 0.8
title:	About the security content of iTunes 12.9.2 for Windows	url:	https://support.apple.com/en-us/HT209345	Trust: 0.8
title:	HT208937	url:	https://support.apple.com/en-us/HT208937	Trust: 0.8
title:	HT209139	url:	https://support.apple.com/ja-jp/HT209139	Trust: 0.8
title:	HT209341	url:	https://support.apple.com/ja-jp/HT209341	Trust: 0.8
title:	HT208937	url:	https://support.apple.com/ja-jp/HT208937	Trust: 0.8
title:	Apple macOS High Sierra and Apple macOS Mojave Intel Graphics Driver Fixes for component vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91070	Trust: 0.6

sources: JVNDB: JVNDB-2018-010217 // JVNDB: JVNDB-2018-014858 // JVNDB: JVNDB-2018-007762 // CNNVD: CNNVD-201904-147

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4456	Trust: 3.0
db:	JVN	id:	JVNVU92431031	Trust: 1.6
db:	JVN	id:	JVNVU99356481	Trust: 1.6
db:	PACKETSTORM	id:	152845	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-010217	Trust: 0.8
db:	JVN	id:	JVNVU93082496	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014858	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-007762	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-147	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1695	Trust: 0.6
db:	TALOS	id:	TALOS-2018-0614	Trust: 0.3
db:	BID	id:	106779	Trust: 0.3
db:	VULHUB	id:	VHN-134487	Trust: 0.1
db:	VULMON	id:	CVE-2018-4456	Trust: 0.1

sources: VULHUB: VHN-134487 // VULMON: CVE-2018-4456 // BID: 106779 // JVNDB: JVNDB-2018-010217 // JVNDB: JVNDB-2018-014858 // JVNDB: JVNDB-2018-007762 // PACKETSTORM: 152845 // CNNVD: CNNVD-201904-147 // NVD: CVE-2018-4456

REFERENCES

url:	http://seclists.org/fulldisclosure/2019/may/20	Trust: 1.9
url:	https://seclists.org/bugtraq/2019/may/27	Trust: 1.8
url:	https://support.apple.com/kb/ht210119	Trust: 1.8
url:	https://support.apple.com/kb/ht208937	Trust: 1.8
url:	https://support.apple.com/kb/ht209139	Trust: 1.8
url:	https://support.apple.com/kb/ht209341	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4456	Trust: 1.5
url:	https://jvn.jp/vu/jvnvu92431031/	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4456	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93082496/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99356481/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92431031/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99356481/	Trust: 0.8
url:	https://support.apple.com/en-au/ht210119	Trust: 0.6
url:	https://support.apple.com/en-us/ht210119	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80826	Trust: 0.6
url:	https://packetstormsecurity.com/files/152845/apple-security-advisory-2019-5-13-2.html	Trust: 0.6
url:	http://www.intel.com/	Trust: 0.3
url:	https://support.apple.com/en-in/ht209341	Trust: 0.3
url:	https://support.apple.com/en-us/ht209139	Trust: 0.3
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2018-0614	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8587	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8560	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8576	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8598	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8569	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8592	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8604	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6237	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8584	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8591	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8585	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8601	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8583	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8590	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8596	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8602	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8586	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8597	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8603	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8577	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8571	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8600	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8568	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8594	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8574	Trust: 0.1

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 152845 // CNNVD: CNNVD-201904-147

SOURCES

db:	VULHUB	id:	VHN-134487
db:	VULMON	id:	CVE-2018-4456
db:	BID	id:	106779
db:	JVNDB	id:	JVNDB-2018-010217
db:	JVNDB	id:	JVNDB-2018-014858
db:	JVNDB	id:	JVNDB-2018-007762
db:	PACKETSTORM	id:	152845
db:	CNNVD	id:	CNNVD-201904-147
db:	NVD	id:	CVE-2018-4456

LAST UPDATE DATE

2024-11-23T20:33:47.290000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134487	date:	2019-05-14T00:00:00
db:	VULMON	id:	CVE-2018-4456	date:	2019-05-14T00:00:00
db:	BID	id:	106779	date:	2019-01-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-010217	date:	2018-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-014858	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-007762	date:	2018-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201904-147	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2018-4456	date:	2024-11-21T04:07:26.313

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134487	date:	2019-04-03T00:00:00
db:	VULMON	id:	CVE-2018-4456	date:	2019-04-03T00:00:00
db:	BID	id:	106779	date:	2019-01-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-010217	date:	2018-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-014858	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-007762	date:	2018-09-26T00:00:00
db:	PACKETSTORM	id:	152845	date:	2019-05-14T00:28:29
db:	CNNVD	id:	CNNVD-201904-147	date:	2019-04-03T00:00:00
db:	NVD	id:	CVE-2018-4456	date:	2019-04-03T18:29:16.940