ID

VAR-201912-0592


CVE

CVE-2019-8577


TITLE

plural Apple Product input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013426

DESCRIPTION

An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges. plural Apple The product contains an input validation vulnerability due to a flaw in memory handling.You may be able to elevate privileges through the application. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation * Arbitrary code execution * information leak * Service operation interruption (DoS). SQLite is prone to the following security vulnerabilities. 1. Multiple privilege-escalation vulnerabilities 2. A memory corruption vulnerability 3. An information-disclosure vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the affected application, disclose sensitive information, elevate privileges, and perform unauthorized actions. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; versions earlier than watchOS 5.2.1. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-1 iOS 12.3 iOS 12.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Disk Images Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Lock Screen Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: A logic issue was addressed with improved restrictions. CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of North Florida Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero MobileInstallation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) MobileLockdown Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931) Photos Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8617: an anonymous researcher SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The lock screen may show a locked icon after unlocking Description: The issue was addressed with improved UI handling. CVE-2019-8630: Jon M. Morlan StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) sysdiagnose Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance. MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Safari We would like to acknowledge Ben Guild (@benguild) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g 4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64= =fsAj -----END PGP SIGNATURE-----

Trust: 3.33

sources: NVD: CVE-2019-8577 // JVNDB: JVNDB-2019-013426 // JVNDB: JVNDB-2019-004252 // BID: 108491 // VULHUB: VHN-160012 // VULMON: CVE-2019-8577 // PACKETSTORM: 152847 // PACKETSTORM: 152846 // PACKETSTORM: 153116 // PACKETSTORM: 152845 // PACKETSTORM: 152844 // PACKETSTORM: 153117

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:10.4

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:5.2.1

Trust: 1.0

vendor:applemodel:icloudscope:gteversion:10.0

Trust: 1.0

vendor:applemodel:safariscope:ltversion:12.1.1

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.5

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.12

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.9.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.4

Trust: 0.8

vendor:applemodel:icloudscope:ltversion:for windows 10.4 (windows 10 18362.145 or later )

Trust: 0.8

vendor:applemodel:icloudscope:ltversion:for windows 7.12 (windows 7 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.3 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.3 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.3 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.9.5 (windows 7 or later )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.3 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.3 (apple tv hd)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.2.1 (apple watch series 1 or later )

Trust: 0.8

vendor:applemodel:airmac base stationscope:ltversion:update 7.9.1 earlier

Trust: 0.8

vendor:applemodel:icloudscope:ltversion:for windows 7.12 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.9.5 earlier

Trust: 0.8

vendor:sqlitemodel:sqlitescope:eqversion:0

Trust: 0.3

vendor:microsoftmodel:windowsscope:eqversion:80

Trust: 0.3

vendor:microsoftmodel:windowsscope:eqversion:70

Trust: 0.3

vendor:microsoftmodel:windowsscope:eqversion:10

Trust: 0.3

vendor:esignalmodel:esignalscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.9.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.9.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.9.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.7.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.7.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.7.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.6.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.5.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.4.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.2.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.7.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.5.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.5.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.0.163

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.1.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1.42

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.1.10

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.0.80

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2.12

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.1.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.9

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.6

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.5

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.4

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.11

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.10

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.2.2

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.2.1

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:itunesscope:neversion:12.9.5

Trust: 0.3

vendor:applemodel:icloudscope:neversion:7.12

Trust: 0.3

sources: BID: 108491 // JVNDB: JVNDB-2019-013426 // JVNDB: JVNDB-2019-004252 // NVD: CVE-2019-8577

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8577
value: HIGH

Trust: 1.0

NVD: CVE-2019-8577
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-511
value: HIGH

Trust: 0.6

VULHUB: VHN-160012
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8577
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8577
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-160012
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8577
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-8577
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160012 // VULMON: CVE-2019-8577 // JVNDB: JVNDB-2019-013426 // CNNVD: CNNVD-201905-511 // NVD: CVE-2019-8577

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-20

Trust: 0.8

sources: VULHUB: VHN-160012 // JVNDB: JVNDB-2019-013426 // NVD: CVE-2019-8577

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-511

TYPE

code execution

Trust: 0.6

sources: PACKETSTORM: 152847 // PACKETSTORM: 152846 // PACKETSTORM: 153116 // PACKETSTORM: 152845 // PACKETSTORM: 152844 // PACKETSTORM: 153117

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013426

PATCH

title:HT210124url:https://support.apple.com/en-us/HT210124

Trust: 1.6

title:HT210125url:https://support.apple.com/en-us/HT210125

Trust: 1.6

title:HT210118url:https://support.apple.com/en-us/HT210118

Trust: 0.8

title:HT210119url:https://support.apple.com/en-us/HT210119

Trust: 0.8

title:HT210120url:https://support.apple.com/en-us/HT210120

Trust: 0.8

title:HT210122url:https://support.apple.com/en-us/HT210122

Trust: 0.8

title:HT210212url:https://support.apple.com/en-us/HT210212

Trust: 0.8

title:HT210118url:https://support.apple.com/ja-jp/HT210118

Trust: 0.8

title:HT210119url:https://support.apple.com/ja-jp/HT210119

Trust: 0.8

title:HT210120url:https://support.apple.com/ja-jp/HT210120

Trust: 0.8

title:HT210124url:https://support.apple.com/ja-jp/HT210124

Trust: 0.8

title:HT210125url:https://support.apple.com/ja-jp/HT210125

Trust: 0.8

title:HT210212url:https://support.apple.com/ja-jp/HT210212

Trust: 0.8

title:HT210122url:https://support.apple.com/ja-jp/HT210122

Trust: 0.8

title:About the security content of AirPort Base Station Firmware Update 7.9.1url:https://support.apple.com/en-us/HT210090

Trust: 0.8

title:Multiple Apple product SQLite Fixes for component input validation error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92667

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2019/08/10/memory_corruption_sqlite/

Trust: 0.2

title:Threatposturl:https://threatpost.com/sqlite-exploits-iphone-hack/147203/

Trust: 0.1

sources: VULMON: CVE-2019-8577 // JVNDB: JVNDB-2019-013426 // JVNDB: JVNDB-2019-004252 // CNNVD: CNNVD-201905-511

EXTERNAL IDS

db:NVDid:CVE-2019-8577

Trust: 3.5

db:JVNid:JVNVU98453159

Trust: 1.6

db:BIDid:108491

Trust: 1.0

db:JVNid:JVNVU93988385

Trust: 0.8

db:JVNid:JVNVU95342995

Trust: 0.8

db:JVNDBid:JVNDB-2019-013426

Trust: 0.8

db:JVNDBid:JVNDB-2019-004252

Trust: 0.8

db:CNNVDid:CNNVD-201905-511

Trust: 0.7

db:PACKETSTORMid:152847

Trust: 0.7

db:PACKETSTORMid:153117

Trust: 0.7

db:AUSCERTid:ESB-2019.1697

Trust: 0.6

db:AUSCERTid:ESB-2019.1922

Trust: 0.6

db:VULHUBid:VHN-160012

Trust: 0.1

db:VULMONid:CVE-2019-8577

Trust: 0.1

db:PACKETSTORMid:152846

Trust: 0.1

db:PACKETSTORMid:153116

Trust: 0.1

db:PACKETSTORMid:152845

Trust: 0.1

db:PACKETSTORMid:152844

Trust: 0.1

sources: VULHUB: VHN-160012 // VULMON: CVE-2019-8577 // BID: 108491 // JVNDB: JVNDB-2019-013426 // JVNDB: JVNDB-2019-004252 // PACKETSTORM: 152847 // PACKETSTORM: 152846 // PACKETSTORM: 153116 // PACKETSTORM: 152845 // PACKETSTORM: 152844 // PACKETSTORM: 153117 // CNNVD: CNNVD-201905-511 // NVD: CVE-2019-8577

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-8577

Trust: 2.0

url:https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/

Trust: 1.8

url:https://support.apple.com/ht210118

Trust: 1.8

url:https://support.apple.com/ht210119

Trust: 1.8

url:https://support.apple.com/ht210120

Trust: 1.8

url:https://support.apple.com/ht210122

Trust: 1.8

url:https://support.apple.com/ht210124

Trust: 1.8

url:https://support.apple.com/ht210125

Trust: 1.8

url:https://support.apple.com/ht210212

Trust: 1.8

url:https://www.sqlite.org/

Trust: 0.9

url:https://lists.apple.com/archives/security-announce/2019/may/msg00007.html

Trust: 0.9

url:https://lists.apple.com/archives/security-announce/2019/may/msg00006.html

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8577

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93988385/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu98453159/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95342995/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98453159/

Trust: 0.8

url:https://www.securityfocus.com/bid/108491

Trust: 0.7

url:https://support.apple.com/kb/ht201222

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-8598

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-8601

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-8583

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-8602

Trust: 0.6

url:https://www.apple.com/support/security/pgp/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-8600

Trust: 0.6

url:https://support.apple.com/en-au/ht210122

Trust: 0.6

url:https://support.apple.com/kb/ht210125

Trust: 0.6

url:https://packetstormsecurity.com/files/153117/apple-security-advisory-2019-5-28-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80842

Trust: 0.6

url:https://support.apple.com/en-us/ht210125

Trust: 0.6

url:https://support.apple.com/en-us/ht210124

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1922/

Trust: 0.6

url:https://packetstormsecurity.com/files/152847/apple-security-advisory-2019-5-13-4.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-8607

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-8587

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-6237

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-8595

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-8584

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-8596

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-8586

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-8597

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-8571

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-8594

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-8560

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8576

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8591

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8585

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8568

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8574

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8610

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8608

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8609

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-8623

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8605

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8593

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8622

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8611

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8628

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8619

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/sqlite-exploits-iphone-hack/147203/

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8626

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8637

Trust: 0.1

url:https://support.apple.com/ht204283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8569

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8592

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8604

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8590

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8589

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8603

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4456

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8599

Trust: 0.1

url:https://www.apple.com/itunes/download/

Trust: 0.1

sources: VULHUB: VHN-160012 // VULMON: CVE-2019-8577 // BID: 108491 // JVNDB: JVNDB-2019-013426 // JVNDB: JVNDB-2019-004252 // PACKETSTORM: 152847 // PACKETSTORM: 152846 // PACKETSTORM: 153116 // PACKETSTORM: 152845 // PACKETSTORM: 152844 // PACKETSTORM: 153117 // CNNVD: CNNVD-201905-511 // NVD: CVE-2019-8577

CREDITS

Apple

Trust: 0.6

sources: PACKETSTORM: 152847 // PACKETSTORM: 152846 // PACKETSTORM: 153116 // PACKETSTORM: 152845 // PACKETSTORM: 152844 // PACKETSTORM: 153117

SOURCES

db:VULHUBid:VHN-160012
db:VULMONid:CVE-2019-8577
db:BIDid:108491
db:JVNDBid:JVNDB-2019-013426
db:JVNDBid:JVNDB-2019-004252
db:PACKETSTORMid:152847
db:PACKETSTORMid:152846
db:PACKETSTORMid:153116
db:PACKETSTORMid:152845
db:PACKETSTORMid:152844
db:PACKETSTORMid:153117
db:CNNVDid:CNNVD-201905-511
db:NVDid:CVE-2019-8577

LAST UPDATE DATE

2024-11-11T22:10:28.036000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-160012date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-8577date:2020-08-24T00:00:00
db:BIDid:108491date:2019-05-28T00:00:00
db:JVNDBid:JVNDB-2019-013426date:2020-01-06T00:00:00
db:JVNDBid:JVNDB-2019-004252date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-511date:2021-11-03T00:00:00
db:NVDid:CVE-2019-8577date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:VULHUBid:VHN-160012date:2019-12-18T00:00:00
db:VULMONid:CVE-2019-8577date:2019-12-18T00:00:00
db:BIDid:108491date:2019-05-28T00:00:00
db:JVNDBid:JVNDB-2019-013426date:2020-01-06T00:00:00
db:JVNDBid:JVNDB-2019-004252date:2019-05-30T00:00:00
db:PACKETSTORMid:152847date:2019-05-14T00:29:10
db:PACKETSTORMid:152846date:2019-05-14T00:28:51
db:PACKETSTORMid:153116date:2019-05-29T13:23:53
db:PACKETSTORMid:152845date:2019-05-14T00:28:29
db:PACKETSTORMid:152844date:2019-05-14T00:27:53
db:PACKETSTORMid:153117date:2019-05-29T13:24:19
db:CNNVDid:CNNVD-201905-511date:2019-05-14T00:00:00
db:NVDid:CVE-2019-8577date:2019-12-18T18:15:27.067