ID

VAR-201912-0499


CVE

CVE-2019-8561


TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-001923

DESCRIPTION

A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to elevate privileges. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. PackageKit is one of the package management components. An input validation error vulnerability exists in the PackageKit component of Apple macOS Mojave prior to 10.14.4

Trust: 1.8

sources: NVD: CVE-2019-8561 // JVNDB: JVNDB-2019-001923 // VULHUB: VHN-159996 // VULMON: CVE-2019-8561

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14.4

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:for windows 7.11 earlier

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.2 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.9.4 for windows earlier

Trust: 0.8

vendor:applemodel:macos high sierrascope:eqversion:(security update 2019-002 not applied )

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14.4 earlier

Trust: 0.8

vendor:applemodel:macos sierrascope:eqversion:(security update 2019-002 not applied )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.2 earlier

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.2 earlier

Trust: 0.8

vendor:applemodel:xcodescope:ltversion:10.2 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2019-001923 // NVD: CVE-2019-8561

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8561
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201903-956
value: HIGH

Trust: 0.6

VULHUB: VHN-159996
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8561
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8561
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-159996
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8561
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-159996 // VULMON: CVE-2019-8561 // CNNVD: CNNVD-201903-956 // NVD: CVE-2019-8561

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-159996 // NVD: CVE-2019-8561

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-956

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-956

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001923

PATCH

title:About the security content of iCloud for Windows 7.11url:https://support.apple.com/en-us/HT209605

Trust: 0.8

title:About the security content of watchOS 5.2url:https://support.apple.com/en-us/HT209602

Trust: 0.8

title:About the security content of iOS 12.2url:https://support.apple.com/en-us/HT209599

Trust: 0.8

title:About the security content of Xcode 10.2url:https://support.apple.com/en-us/HT209606

Trust: 0.8

title:About the security content of tvOS 12.2url:https://support.apple.com/en-us/HT209601

Trust: 0.8

title:About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierraurl:https://support.apple.com/en-us/HT209600

Trust: 0.8

title:About the security content of Safari 12.1url:https://support.apple.com/en-us/HT209603

Trust: 0.8

title:About the security content of iTunes 12.9.4 for Windowsurl:https://support.apple.com/en-us/HT209604

Trust: 0.8

title:Apple macOS Mojave PackageKit Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90400

Trust: 0.6

title:Apple: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierraurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=71ec5bcffc9e0f0f386b31db20244ce1

Trust: 0.1

title:CVE-2019-8561url:https://github.com/0xmachos/CVE-2019-8561

Trust: 0.1

sources: VULMON: CVE-2019-8561 // JVNDB: JVNDB-2019-001923 // CNNVD: CNNVD-201903-956

EXTERNAL IDS

db:NVDid:CVE-2019-8561

Trust: 2.6

db:JVNid:JVNVU93236010

Trust: 0.8

db:JVNDBid:JVNDB-2019-001923

Trust: 0.8

db:CNNVDid:CNNVD-201903-956

Trust: 0.7

db:AUSCERTid:ESB-2019.0990

Trust: 0.6

db:VULHUBid:VHN-159996

Trust: 0.1

db:VULMONid:CVE-2019-8561

Trust: 0.1

sources: VULHUB: VHN-159996 // VULMON: CVE-2019-8561 // JVNDB: JVNDB-2019-001923 // CNNVD: CNNVD-201903-956 // NVD: CVE-2019-8561

REFERENCES

url:https://support.apple.com/ht209600

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8561

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6232

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8520

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8561

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6236

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8522

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8562

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6239

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8526

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8563

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8556

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8507

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8533

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8565

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8555

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8508

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8537

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8567

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8553

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8510

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8554

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8513

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8558

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6207

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8519

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8559

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93236010/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8553

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8513

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8558

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6207

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8519

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8559

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6232

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8520

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6236

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8522

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8562

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8563

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6239

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8526

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8565

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8507

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8533

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8567

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8556

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8508

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8537

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8555

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8510

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8554

Trust: 0.8

url:https://support.apple.com/en-au/ht209600

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-28853

Trust: 0.6

url:https://www.auscert.org.au/bulletins/77806

Trust: 0.6

url:https://support.apple.com/en-us/ht209600

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/0xmachos/cve-2019-8561

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht209600

Trust: 0.1

sources: VULHUB: VHN-159996 // VULMON: CVE-2019-8561 // JVNDB: JVNDB-2019-001923 // CNNVD: CNNVD-201903-956 // NVD: CVE-2019-8561

SOURCES

db:VULHUBid:VHN-159996
db:VULMONid:CVE-2019-8561
db:JVNDBid:JVNDB-2019-001923
db:CNNVDid:CNNVD-201903-956
db:NVDid:CVE-2019-8561

LAST UPDATE DATE

2024-08-14T12:05:02.353000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-159996date:2019-12-20T00:00:00
db:VULMONid:CVE-2019-8561date:2019-12-20T00:00:00
db:JVNDBid:JVNDB-2019-001923date:2020-01-06T00:00:00
db:CNNVDid:CNNVD-201903-956date:2021-10-29T00:00:00
db:NVDid:CVE-2019-8561date:2019-12-20T16:41:30.640

SOURCES RELEASE DATE

db:VULHUBid:VHN-159996date:2019-12-18T00:00:00
db:VULMONid:CVE-2019-8561date:2019-12-18T00:00:00
db:JVNDBid:JVNDB-2019-001923date:2019-03-29T00:00:00
db:CNNVDid:CNNVD-201903-956date:2019-03-26T00:00:00
db:NVDid:CVE-2019-8561date:2019-12-18T18:15:26.287