Details of VAR-201912-0493

ID

VAR-201912-0493

CVE

CVE-2019-8554

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-001923

DESCRIPTION

A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access sensor information without user consent. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Safari is one of the dedicated components of the Safari browser. A security vulnerability exists in the Safari component in Apple iOS versions prior to 12.2

Trust: 1.71

sources: NVD: CVE-2019-8554 // JVNDB: JVNDB-2019-001923 // VULHUB: VHN-159989

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	12.2	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.11 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.2 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.4 for windows earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2019-002 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.4 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2019-002 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.2 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.2 earlier	Trust: 0.8
vendor:	apple	model:	xcode	scope:	lt	version:	10.2 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2019-001923 // NVD: CVE-2019-8554

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8554
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201903-969
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-159989
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8554
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-159989
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8554
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-159989 // CNNVD: CNNVD-201903-969 // NVD: CVE-2019-8554

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2019-8554

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-969

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201903-969

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001923

PATCH

title:	About the security content of iCloud for Windows 7.11	url:	https://support.apple.com/en-us/HT209605	Trust: 0.8
title:	About the security content of watchOS 5.2	url:	https://support.apple.com/en-us/HT209602	Trust: 0.8
title:	About the security content of iOS 12.2	url:	https://support.apple.com/en-us/HT209599	Trust: 0.8
title:	About the security content of Xcode 10.2	url:	https://support.apple.com/en-us/HT209606	Trust: 0.8
title:	About the security content of tvOS 12.2	url:	https://support.apple.com/en-us/HT209601	Trust: 0.8
title:	About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra	url:	https://support.apple.com/en-us/HT209600	Trust: 0.8
title:	About the security content of Safari 12.1	url:	https://support.apple.com/en-us/HT209603	Trust: 0.8
title:	About the security content of iTunes 12.9.4 for Windows	url:	https://support.apple.com/en-us/HT209604	Trust: 0.8
title:	Apple iOS Safari Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90413	Trust: 0.6

sources: JVNDB: JVNDB-2019-001923 // CNNVD: CNNVD-201903-969

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8554	Trust: 2.5
db:	JVN	id:	JVNVU93236010	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-001923	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-969	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0991	Trust: 0.6
db:	VULHUB	id:	VHN-159989	Trust: 0.1

sources: VULHUB: VHN-159989 // JVNDB: JVNDB-2019-001923 // CNNVD: CNNVD-201903-969 // NVD: CVE-2019-8554

REFERENCES

url:	https://support.apple.com/ht209599	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8554	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6232	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8520	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8561	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6236	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8522	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8562	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6239	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8526	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8563	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8556	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8507	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8533	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8565	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8555	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8508	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8537	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8567	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8553	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8510	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8554	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8513	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8558	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6207	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8519	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8559	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93236010/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8553	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8513	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8558	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6207	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8519	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8559	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6232	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8520	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8561	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6236	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8522	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8562	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8563	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6239	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8526	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8565	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8507	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8533	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8567	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8556	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8508	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8537	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8555	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8510	Trust: 0.8
url:	https://support.apple.com/en-au/ht209599	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-28854	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77810	Trust: 0.6

sources: VULHUB: VHN-159989 // JVNDB: JVNDB-2019-001923 // CNNVD: CNNVD-201903-969 // NVD: CVE-2019-8554

SOURCES

db:	VULHUB	id:	VHN-159989
db:	JVNDB	id:	JVNDB-2019-001923
db:	CNNVD	id:	CNNVD-201903-969
db:	NVD	id:	CVE-2019-8554

LAST UPDATE DATE

2024-08-14T12:42:25.081000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-159989	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-001923	date:	2020-01-06T00:00:00
db:	CNNVD	id:	CNNVD-201903-969	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-8554	date:	2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-159989	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-001923	date:	2019-03-29T00:00:00
db:	CNNVD	id:	CNNVD-201903-969	date:	2019-03-26T00:00:00
db:	NVD	id:	CVE-2019-8554	date:	2019-12-18T18:15:25.803