Details of VAR-201912-0609

ID

VAR-201912-0609

CVE

CVE-2019-8601

TITLE

plural Apple Memory corruption vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013431

DESCRIPTION

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation * Arbitrary code execution * information leak * Service operation interruption (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the emitAllocateButterfly method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKit is prone to a information-disclosure and multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. An input validation error vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Safari prior to 12.1.1; watchOS prior to 5.2.1; Windows-based iTunes prior to 12.9.5 ; Windows-based iCloud versions prior to 7.12 and 10.4. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601) An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644) A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689) A logic issue existed in the handling of document loads. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769) This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901) An input validation issue was addressed with improved input validation. (CVE-2020-3902). Installation note: Safari 12.1.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4035-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035 Issue date: 2020-09-29 CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11070 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-10018 CVE-2020-11793 ==================================================================== 1. Summary: An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144) Security Fix(es): * webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. References: https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8551 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8644 https://access.redhat.com/security/cve/CVE-2019-8649 https://access.redhat.com/security/cve/CVE-2019-8658 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8669 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8674 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8678 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8680 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8683 https://access.redhat.com/security/cve/CVE-2019-8684 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8688 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8707 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8719 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8733 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8763 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8765 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8821 https://access.redhat.com/security/cve/CVE-2019-8822 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-1 iOS 12.3 iOS 12.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Disk Images Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Lock Screen Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: A logic issue was addressed with improved restrictions. CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of North Florida Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero MobileInstallation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) MobileLockdown Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931) Photos Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8617: an anonymous researcher SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The lock screen may show a locked icon after unlocking Description: The issue was addressed with improved UI handling. CVE-2019-8630: Jon M. Morlan StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) sysdiagnose Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance. MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Safari We would like to acknowledge Ben Guild (@benguild) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g 4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64= =fsAj -----END PGP SIGNATURE-----

Trust: 4.05

sources: NVD: CVE-2019-8601 // JVNDB: JVNDB-2019-013431 // JVNDB: JVNDB-2019-004252 // ZDI: ZDI-19-765 // BID: 108497 // VULHUB: VHN-160036 // VULMON: CVE-2019-8601 // PACKETSTORM: 152846 // PACKETSTORM: 152849 // PACKETSTORM: 153116 // PACKETSTORM: 159375 // PACKETSTORM: 152844 // PACKETSTORM: 152845 // PACKETSTORM: 153117

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	12.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	12.3	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	12.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.5	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	5.2.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.12	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.4	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 10.4 (windows 10 18362.145 or later )	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.12 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.3 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.3 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.3 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.9.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1.1 (macos high sierra 10.13.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1.1 (macos mojave 10.14.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1.1 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.3 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.3 (apple tv hd)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.2.1 (apple watch series 1 or later )	Trust: 0.8
vendor:	apple	model:	airmac base station	scope:	lt	version:	update 7.9.1 earlier	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.12 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.9.5 earlier	Trust: 0.8
vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 0.7
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.9.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.9.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.9.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.7.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.7.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.7.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.6.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.4.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.3.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.3.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.7.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.9	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.6	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.5	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.4	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.11	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.10	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	ne	version:	12.9.5	Trust: 0.3
vendor:	apple	model:	icloud	scope:	ne	version:	7.12	Trust: 0.3

sources: ZDI: ZDI-19-765 // BID: 108497 // JVNDB: JVNDB-2019-013431 // JVNDB: JVNDB-2019-004252 // NVD: CVE-2019-8601

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8601
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-8601
value:	HIGH
Trust: 0.8
ZDI:	CVE-2019-8601
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201905-524
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160036
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-8601
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8601
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-160036
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8601
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-8601
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2019-8601
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-19-765 // VULHUB: VHN-160036 // VULMON: CVE-2019-8601 // JVNDB: JVNDB-2019-013431 // CNNVD: CNNVD-201905-524 // NVD: CVE-2019-8601

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.9
problemtype:	CWE-787	Trust: 1.0

sources: VULHUB: VHN-160036 // JVNDB: JVNDB-2019-013431 // NVD: CVE-2019-8601

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-524

TYPE

code execution

Trust: 0.6

sources: PACKETSTORM: 152846 // PACKETSTORM: 152849 // PACKETSTORM: 153116 // PACKETSTORM: 152844 // PACKETSTORM: 152845 // PACKETSTORM: 153117

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013431

PATCH

title:	HT210125	url:	https://support.apple.com/en-us/HT210125	Trust: 2.3
title:	HT210124	url:	https://support.apple.com/en-us/HT210124	Trust: 1.6
title:	HT210212	url:	https://support.apple.com/en-us/HT210212	Trust: 0.8
title:	HT210118	url:	https://support.apple.com/en-us/HT210118	Trust: 0.8
title:	HT210119	url:	https://support.apple.com/en-us/HT210119	Trust: 0.8
title:	HT210120	url:	https://support.apple.com/en-us/HT210120	Trust: 0.8
title:	HT210122	url:	https://support.apple.com/en-us/HT210122	Trust: 0.8
title:	HT210123	url:	https://support.apple.com/en-us/HT210123	Trust: 0.8
title:	HT210125	url:	https://support.apple.com/ja-jp/HT210125	Trust: 0.8
title:	HT210212	url:	https://support.apple.com/ja-jp/HT210212	Trust: 0.8
title:	HT210118	url:	https://support.apple.com/ja-jp/HT210118	Trust: 0.8
title:	HT210119	url:	https://support.apple.com/ja-jp/HT210119	Trust: 0.8
title:	HT210120	url:	https://support.apple.com/ja-jp/HT210120	Trust: 0.8
title:	HT210122	url:	https://support.apple.com/ja-jp/HT210122	Trust: 0.8
title:	HT210123	url:	https://support.apple.com/ja-jp/HT210123	Trust: 0.8
title:	HT210124	url:	https://support.apple.com/ja-jp/HT210124	Trust: 0.8
title:	About the security content of AirPort Base Station Firmware Update 7.9.1	url:	https://support.apple.com/en-us/HT210090	Trust: 0.8
title:	Multiple Apple product WebKit Fix for component buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92680	Trust: 0.6
title:	Red Hat: Moderate: webkitgtk4 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204035 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204298 - Security Advisory	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1563	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1563	Trust: 0.1
title:	CVE-2019-8601	url:	https://github.com/BadAccess11/CVE-2019-8601	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1

sources: ZDI: ZDI-19-765 // VULMON: CVE-2019-8601 // JVNDB: JVNDB-2019-013431 // JVNDB: JVNDB-2019-004252 // CNNVD: CNNVD-201905-524

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8601	Trust: 4.3
db:	JVN	id:	JVNVU98453159	Trust: 1.6
db:	BID	id:	108497	Trust: 1.0
db:	PACKETSTORM	id:	159375	Trust: 0.8
db:	JVN	id:	JVNVU93988385	Trust: 0.8
db:	JVN	id:	JVNVU95342995	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013431	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-004252	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-8359	Trust: 0.7
db:	ZDI	id:	ZDI-19-765	Trust: 0.7
db:	CNNVD	id:	CNNVD-201905-524	Trust: 0.7
db:	PACKETSTORM	id:	152849	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1697	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3399	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1849	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3700	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1922	Trust: 0.6
db:	PACKETSTORM	id:	152983	Trust: 0.6
db:	CNVD	id:	CNVD-2020-19949	Trust: 0.1
db:	VULHUB	id:	VHN-160036	Trust: 0.1
db:	VULMON	id:	CVE-2019-8601	Trust: 0.1
db:	PACKETSTORM	id:	152846	Trust: 0.1
db:	PACKETSTORM	id:	153116	Trust: 0.1
db:	PACKETSTORM	id:	152844	Trust: 0.1
db:	PACKETSTORM	id:	152845	Trust: 0.1
db:	PACKETSTORM	id:	153117	Trust: 0.1

sources: ZDI: ZDI-19-765 // VULHUB: VHN-160036 // VULMON: CVE-2019-8601 // BID: 108497 // JVNDB: JVNDB-2019-013431 // JVNDB: JVNDB-2019-004252 // PACKETSTORM: 152846 // PACKETSTORM: 152849 // PACKETSTORM: 153116 // PACKETSTORM: 159375 // PACKETSTORM: 152844 // PACKETSTORM: 152845 // PACKETSTORM: 153117 // CNNVD: CNNVD-201905-524 // NVD: CVE-2019-8601

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-8601	Trust: 2.1
url:	https://support.apple.com/ht210118	Trust: 1.8
url:	https://support.apple.com/ht210119	Trust: 1.8
url:	https://support.apple.com/ht210120	Trust: 1.8
url:	https://support.apple.com/ht210122	Trust: 1.8
url:	https://support.apple.com/ht210123	Trust: 1.8
url:	https://support.apple.com/ht210124	Trust: 1.8
url:	https://support.apple.com/ht210125	Trust: 1.8
url:	https://support.apple.com/ht210212	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu98453159/	Trust: 1.6
url:	https://support.apple.com/en-us/ht210125	Trust: 1.3
url:	https://www.apple.com/	Trust: 0.9
url:	https://lists.apple.com/archives/security-announce/2019/may/msg00007.html	Trust: 0.9
url:	https://lists.apple.com/archives/security-announce/2019/may/msg00006.html	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8601	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93988385/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu95342995/	Trust: 0.8
url:	https://www.securityfocus.com/bid/108497	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8587	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6237	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8595	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8584	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8583	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8596	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8586	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8597	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8571	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8594	Trust: 0.7
url:	https://support.apple.com/kb/ht201222	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8610	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8607	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8608	Trust: 0.6
url:	https://www.apple.com/support/security/pgp/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8609	Trust: 0.6
url:	https://support.apple.com/en-au/ht210122	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191850-1.html	Trust: 0.6
url:	https://wpewebkit.org/security/wsa-2019-0003.html	Trust: 0.6
url:	https://webkitgtk.org/security/wsa-2019-0003.html	Trust: 0.6
url:	https://support.apple.com/kb/ht210125	Trust: 0.6
url:	https://vigilance.fr/vulnerability/webkit-multiple-vulnerabilities-29366	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3700/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159375/red-hat-security-advisory-2020-4035-01.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht210123	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80842	Trust: 0.6
url:	https://packetstormsecurity.com/files/152849/apple-security-advisory-2019-5-13-5.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1849/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3399/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1922/	Trust: 0.6
url:	https://packetstormsecurity.com/files/152983/webkitgtk-wpe-webkit-code-execution.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8598	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8611	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8602	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8577	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8600	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8615	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8560	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8576	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8591	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8585	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8568	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8574	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8628	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8623	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8619	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8622	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8605	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8593	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://github.com/badaccess11/cve-2019-8601	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://alas.aws.amazon.com/al2/alas-2020-1563.html	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8768	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8535	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8544	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8611	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-6251	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8676	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8625	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11070	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8812	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3899	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8607	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8819	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3867	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8733	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8720	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8707	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8808	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8658	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8535	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3902	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8551	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8594	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3900	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8690	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8601	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8820	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8524	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8769	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8710	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8813	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8688	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8765	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8811	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8524	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8821	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8536	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8686	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8671	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8763	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8544	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8571	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8677	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8595	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8558	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3885	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8679	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10018	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8835	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8674	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8619	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8764	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8844	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3865	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8622	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8678	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3864	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8681	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-6237	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3862	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8669	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8673	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4035	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8559	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8687	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3901	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8558	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8672	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8608	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8615	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8823	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8666	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8684	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8689	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3895	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8735	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8563	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11793	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8551	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8726	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8596	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8816	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8610	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3897	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11070	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8644	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8814	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8743	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8506	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8815	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8584	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8563	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8536	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8783	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8680	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8559	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6251	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8609	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8822	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8587	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8683	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8766	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8506	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8649	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8846	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8583	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3868	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8782	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3894	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8597	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8599	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8569	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8592	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8604	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8590	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8603	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4456	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1

CREDITS

fluoroacetate (@fluoroacetate)

Trust: 0.7

sources: ZDI: ZDI-19-765

SOURCES

db:	ZDI	id:	ZDI-19-765
db:	VULHUB	id:	VHN-160036
db:	VULMON	id:	CVE-2019-8601
db:	BID	id:	108497
db:	JVNDB	id:	JVNDB-2019-013431
db:	JVNDB	id:	JVNDB-2019-004252
db:	PACKETSTORM	id:	152846
db:	PACKETSTORM	id:	152849
db:	PACKETSTORM	id:	153116
db:	PACKETSTORM	id:	159375
db:	PACKETSTORM	id:	152844
db:	PACKETSTORM	id:	152845
db:	PACKETSTORM	id:	153117
db:	CNNVD	id:	CNNVD-201905-524
db:	NVD	id:	CVE-2019-8601

LAST UPDATE DATE

2024-09-18T23:23:01.843000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-765	date:	2019-08-27T00:00:00
db:	VULHUB	id:	VHN-160036	date:	2019-12-20T00:00:00
db:	VULMON	id:	CVE-2019-8601	date:	2021-07-21T00:00:00
db:	BID	id:	108497	date:	2019-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-013431	date:	2020-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-004252	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-524	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2019-8601	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-19-765	date:	2019-08-27T00:00:00
db:	VULHUB	id:	VHN-160036	date:	2019-12-18T00:00:00
db:	VULMON	id:	CVE-2019-8601	date:	2019-12-18T00:00:00
db:	BID	id:	108497	date:	2019-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-013431	date:	2020-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-004252	date:	2019-05-30T00:00:00
db:	PACKETSTORM	id:	152846	date:	2019-05-14T00:28:51
db:	PACKETSTORM	id:	152849	date:	2019-05-14T00:30:08
db:	PACKETSTORM	id:	153116	date:	2019-05-29T13:23:53
db:	PACKETSTORM	id:	159375	date:	2020-09-30T15:47:21
db:	PACKETSTORM	id:	152844	date:	2019-05-14T00:27:53
db:	PACKETSTORM	id:	152845	date:	2019-05-14T00:28:29
db:	PACKETSTORM	id:	153117	date:	2019-05-29T13:24:19
db:	CNNVD	id:	CNNVD-201905-524	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-8601	date:	2019-12-18T18:15:28.507