Details of VAR-201912-0499

ID

VAR-201912-0499

CVE

CVE-2019-8561

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-001923

DESCRIPTION

A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to elevate privileges. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. PackageKit is one of the package management components. An input validation error vulnerability exists in the PackageKit component of Apple macOS Mojave prior to 10.14.4

Trust: 1.8

sources: NVD: CVE-2019-8561 // JVNDB: JVNDB-2019-001923 // VULHUB: VHN-159996 // VULMON: CVE-2019-8561

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.4	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.11 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.2 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.4 for windows earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2019-002 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.4 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2019-002 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.2 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.2 earlier	Trust: 0.8
vendor:	apple	model:	xcode	scope:	lt	version:	10.2 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2019-001923 // NVD: CVE-2019-8561

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8561
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201903-956
value:	HIGH
Trust: 0.6
VULHUB:	VHN-159996
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-8561
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8561
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-159996
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8561
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-159996 // VULMON: CVE-2019-8561 // CNNVD: CNNVD-201903-956 // NVD: CVE-2019-8561

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.1

sources: VULHUB: VHN-159996 // NVD: CVE-2019-8561

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-956

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-956

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001923

PATCH

title:	About the security content of iCloud for Windows 7.11	url:	https://support.apple.com/en-us/HT209605	Trust: 0.8
title:	About the security content of watchOS 5.2	url:	https://support.apple.com/en-us/HT209602	Trust: 0.8
title:	About the security content of iOS 12.2	url:	https://support.apple.com/en-us/HT209599	Trust: 0.8
title:	About the security content of Xcode 10.2	url:	https://support.apple.com/en-us/HT209606	Trust: 0.8
title:	About the security content of tvOS 12.2	url:	https://support.apple.com/en-us/HT209601	Trust: 0.8
title:	About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra	url:	https://support.apple.com/en-us/HT209600	Trust: 0.8
title:	About the security content of Safari 12.1	url:	https://support.apple.com/en-us/HT209603	Trust: 0.8
title:	About the security content of iTunes 12.9.4 for Windows	url:	https://support.apple.com/en-us/HT209604	Trust: 0.8
title:	Apple macOS Mojave PackageKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90400	Trust: 0.6
title:	Apple: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=71ec5bcffc9e0f0f386b31db20244ce1	Trust: 0.1
title:	CVE-2019-8561	url:	https://github.com/0xmachos/CVE-2019-8561	Trust: 0.1

sources: VULMON: CVE-2019-8561 // JVNDB: JVNDB-2019-001923 // CNNVD: CNNVD-201903-956

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8561	Trust: 2.6
db:	JVN	id:	JVNVU93236010	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-001923	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-956	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0990	Trust: 0.6
db:	VULHUB	id:	VHN-159996	Trust: 0.1
db:	VULMON	id:	CVE-2019-8561	Trust: 0.1

sources: VULHUB: VHN-159996 // VULMON: CVE-2019-8561 // JVNDB: JVNDB-2019-001923 // CNNVD: CNNVD-201903-956 // NVD: CVE-2019-8561

REFERENCES

url:	https://support.apple.com/ht209600	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8561	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6232	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8520	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8561	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6236	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8522	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8562	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6239	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8526	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8563	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8556	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8507	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8533	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8565	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8555	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8508	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8537	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8567	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8553	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8510	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8554	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8513	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8558	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6207	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8519	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8559	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93236010/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8553	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8513	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8558	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6207	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8519	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8559	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6232	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8520	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6236	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8522	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8562	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8563	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6239	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8526	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8565	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8507	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8533	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8567	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8556	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8508	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8537	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8555	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8510	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8554	Trust: 0.8
url:	https://support.apple.com/en-au/ht209600	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-28853	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77806	Trust: 0.6
url:	https://support.apple.com/en-us/ht209600	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://github.com/0xmachos/cve-2019-8561	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht209600	Trust: 0.1

sources: VULHUB: VHN-159996 // VULMON: CVE-2019-8561 // JVNDB: JVNDB-2019-001923 // CNNVD: CNNVD-201903-956 // NVD: CVE-2019-8561

SOURCES

db:	VULHUB	id:	VHN-159996
db:	VULMON	id:	CVE-2019-8561
db:	JVNDB	id:	JVNDB-2019-001923
db:	CNNVD	id:	CNNVD-201903-956
db:	NVD	id:	CVE-2019-8561

LAST UPDATE DATE

2024-08-14T12:05:02.353000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-159996	date:	2019-12-20T00:00:00
db:	VULMON	id:	CVE-2019-8561	date:	2019-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-001923	date:	2020-01-06T00:00:00
db:	CNNVD	id:	CNNVD-201903-956	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2019-8561	date:	2019-12-20T16:41:30.640

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-159996	date:	2019-12-18T00:00:00
db:	VULMON	id:	CVE-2019-8561	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-001923	date:	2019-03-29T00:00:00
db:	CNNVD	id:	CNNVD-201903-956	date:	2019-03-26T00:00:00
db:	NVD	id:	CVE-2019-8561	date:	2019-12-18T18:15:26.287