ID

VAR-201912-0631


CVE

CVE-2019-8628


TITLE

Apple iCloud for Windows Updates for vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-005041

DESCRIPTION

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation * Arbitrary code execution * information leak * Service operation interruption (DoS). WebKit is prone to a information-disclosure and multiple memory-corruption vulnerabilities. Successful exploits may allow attackers to obtain sensitive information or execute arbitrary code in the context of the affected system. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. WebKit is one of the web browser engine components. A buffer error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; Safari versions earlier than 12.1.1. Installation note: Safari 12.1.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-28-2 iCloud for Windows 7.12 iCloud for Windows 7.12 is now available and addresses the following: SQLite Available for: Windows 7 and later Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: Windows 7 and later Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: Windows 7 and later Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Installation note: iCloud for Windows 7.12 may be obtained from: https://support.apple.com/HT204283 Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlztSiMpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GVuhAA tweBnWjA8emUMYG5D2vwjBIW9NPmT2hwrc99HrHd7kEE0R9XS2ZQz1qZcpevzjUv X/fNQqpfdQZ58Jtrd5MTlG4xDBEgfyAZuPP15HPAAo81+0dolTmPO3jKcPbwxkrn Gcg8kvOhBVElk9uTn3nCN2EVlkwqNgGclRZALVxMWdix/KyvrTfyF600zX7pU+9T zz1cLcNTN2EjXxDQ3NzUkJ7o0U8XDwDkfxeKR05qKy3W6w2QIN4a03v0HE8q1jpJ 7kkTDGsRKDrsus0i7HX5FZWbl3fmt2Jynaenor4bXh9VYiFkifWZHR1E8Za24XsE o0rlk0m8OkdMxmHzcTM7jmRCxSg6IBDowgxriLY4rKQKgsUpPz7ZUc7/VZJwBnwP H5Pdwpd3yVZcxhmrguB2chx/c6Cebf+wLIP0wS+uqYdTmbGU/3gRIOuT0XYVJ1Rd Vp1K8ifQw7hb8VXqH/R42QGjfHtPl0lwLc/e8J29oDWQdAIt3IFWLDIrQez8s1ah /Bq12Mm56JFxfWdkJ7hXsxUss9dTM+eqARsm1g1HbWB/1LLcxIsFwUMK53Az8OuN xt1wr24zmE3yXsVzxJOPjeDK7/akz1R1GZYogR/Ynz3O1Puxno0qUrPzDJ2Hq1Vp hNRdKPmbN2ljIgtYEPc9dj5GHk0XOZbKcKCB6xrjxuY= =NGSy -----END PGP SIGNATURE-----

Trust: 3.78

sources: NVD: CVE-2019-8628 // JVNDB: JVNDB-2019-005041 // JVNDB: JVNDB-2019-013428 // JVNDB: JVNDB-2019-004252 // BID: 108497 // VULHUB: VHN-160063 // VULMON: CVE-2019-8628 // PACKETSTORM: 152849 // PACKETSTORM: 153116 // PACKETSTORM: 153117

AFFECTED PRODUCTS

vendor:applemodel:safariscope:ltversion:12.1.1

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:10.4

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.5

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.12

Trust: 1.0

vendor:applemodel:icloudscope:gteversion:10.0

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.9.5

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:for windows 10.4 earlier

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14.4

Trust: 0.8

vendor:applemodel:icloudscope:ltversion:for windows 10.4 (windows 10 18362.145 or later )

Trust: 0.8

vendor:applemodel:icloudscope:ltversion:for windows 7.12 (windows 7 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.3 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.3 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.3 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.9.5 (windows 7 or later )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.1.1 (macos high sierra 10.13.6)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.1.1 (macos mojave 10.14.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.1.1 (macos sierra 10.12.6)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.3 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.3 (apple tv hd)

Trust: 0.8

vendor:applemodel:airmac base stationscope:ltversion:update 7.9.1 earlier

Trust: 0.8

vendor:applemodel:icloudscope:ltversion:for windows 7.12 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.9.5 earlier

Trust: 0.8

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.9.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.9.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.9.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.7.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.7.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.7.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.6.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.5.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.4.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.2.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.7.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.5.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.5.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.1.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.9

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.6

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.5

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.4

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.11

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.10

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.2.2

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.2.1

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:icloudscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:itunesscope:neversion:12.9.5

Trust: 0.3

vendor:applemodel:icloudscope:neversion:7.12

Trust: 0.3

sources: BID: 108497 // JVNDB: JVNDB-2019-005041 // JVNDB: JVNDB-2019-013428 // JVNDB: JVNDB-2019-004252 // NVD: CVE-2019-8628

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8628
value: HIGH

Trust: 1.0

JPCERT/CC: JVNDB-2019-005041
value: MEDIUM

Trust: 0.8

NVD: CVE-2019-8628
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-504
value: HIGH

Trust: 0.6

VULHUB: VHN-160063
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8628
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8628
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

JPCERT/CC: JVNDB-2019-005041
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160063
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8628
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

JPCERT/CC: JVNDB-2019-005041
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

NVD: CVE-2019-8628
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160063 // VULMON: CVE-2019-8628 // JVNDB: JVNDB-2019-005041 // JVNDB: JVNDB-2019-013428 // CNNVD: CNNVD-201905-504 // NVD: CVE-2019-8628

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.8

sources: VULHUB: VHN-160063 // JVNDB: JVNDB-2019-013428 // NVD: CVE-2019-8628

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-504

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-504

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005041

PATCH

title:About the security content of iCloud for Windows 10.4url:https://support.apple.com/en-us/HT210212

Trust: 1.6

title:HT210124url:https://support.apple.com/en-us/HT210124

Trust: 1.6

title:HT210125url:https://support.apple.com/en-us/HT210125

Trust: 1.6

title:HT210118url:https://support.apple.com/en-us/HT210118

Trust: 0.8

title:HT210119url:https://support.apple.com/en-us/HT210119

Trust: 0.8

title:HT210120url:https://support.apple.com/en-us/HT210120

Trust: 0.8

title:HT210123url:https://support.apple.com/en-us/HT210123

Trust: 0.8

title:HT210118url:https://support.apple.com/ja-jp/HT210118

Trust: 0.8

title:HT210119url:https://support.apple.com/ja-jp/HT210119

Trust: 0.8

title:HT210120url:https://support.apple.com/ja-jp/HT210120

Trust: 0.8

title:HT210123url:https://support.apple.com/ja-jp/HT210123

Trust: 0.8

title:HT210124url:https://support.apple.com/ja-jp/HT210124

Trust: 0.8

title:HT210125url:https://support.apple.com/ja-jp/HT210125

Trust: 0.8

title:HT210212url:https://support.apple.com/ja-jp/HT210212

Trust: 0.8

title:About the security content of AirPort Base Station Firmware Update 7.9.1url:https://support.apple.com/en-us/HT210090

Trust: 0.8

title:Multiple Apple product WebKit Fix for component buffer error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92660

Trust: 0.6

sources: JVNDB: JVNDB-2019-005041 // JVNDB: JVNDB-2019-013428 // JVNDB: JVNDB-2019-004252 // CNNVD: CNNVD-201905-504

EXTERNAL IDS

db:NVDid:CVE-2019-8628

Trust: 3.2

db:JVNid:JVNVU95342995

Trust: 1.6

db:JVNid:JVNVU98453159

Trust: 1.6

db:BIDid:108497

Trust: 1.0

db:JVNDBid:JVNDB-2019-005041

Trust: 0.8

db:JVNid:JVNVU93988385

Trust: 0.8

db:JVNDBid:JVNDB-2019-013428

Trust: 0.8

db:JVNDBid:JVNDB-2019-004252

Trust: 0.8

db:CNNVDid:CNNVD-201905-504

Trust: 0.7

db:PACKETSTORMid:152849

Trust: 0.7

db:PACKETSTORMid:153117

Trust: 0.7

db:AUSCERTid:ESB-2019.1698

Trust: 0.6

db:AUSCERTid:ESB-2019.1922

Trust: 0.6

db:VULHUBid:VHN-160063

Trust: 0.1

db:VULMONid:CVE-2019-8628

Trust: 0.1

db:PACKETSTORMid:153116

Trust: 0.1

sources: VULHUB: VHN-160063 // VULMON: CVE-2019-8628 // BID: 108497 // JVNDB: JVNDB-2019-005041 // JVNDB: JVNDB-2019-013428 // JVNDB: JVNDB-2019-004252 // PACKETSTORM: 152849 // PACKETSTORM: 153116 // PACKETSTORM: 153117 // CNNVD: CNNVD-201905-504 // NVD: CVE-2019-8628

REFERENCES

url:https://support.apple.com/ht210118

Trust: 1.8

url:https://support.apple.com/ht210119

Trust: 1.8

url:https://support.apple.com/ht210120

Trust: 1.8

url:https://support.apple.com/ht210123

Trust: 1.8

url:https://support.apple.com/ht210124

Trust: 1.8

url:https://support.apple.com/ht210125

Trust: 1.8

url:https://support.apple.com/ht210212

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8628

Trust: 1.7

url:https://jvn.jp/vu/jvnvu98453159/

Trust: 1.6

url:https://www.apple.com/

Trust: 0.9

url:https://lists.apple.com/archives/security-announce/2019/may/msg00007.html

Trust: 0.9

url:https://lists.apple.com/archives/security-announce/2019/may/msg00006.html

Trust: 0.9

url:http://jvn.jp/cert/jvnvu95342995

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8628

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93988385/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu95342995/

Trust: 0.8

url:https://www.securityfocus.com/bid/108497

Trust: 0.7

url:https://support.apple.com/en-au/ht210123

Trust: 0.6

url:https://support.apple.com/kb/ht210125

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80838

Trust: 0.6

url:https://packetstormsecurity.com/files/153117/apple-security-advisory-2019-5-28-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/152849/apple-security-advisory-2019-5-13-5.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1922/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-8587

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8615

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8610

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8611

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-6237

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8595

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8607

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8584

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8623

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8601

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8583

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8596

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8608

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8586

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8597

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8571

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8619

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8622

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8594

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8609

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8598

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8602

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8577

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8600

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/fulldisclosure/2019/may/25

Trust: 0.1

url:https://support.apple.com/ht204283

Trust: 0.1

url:https://www.apple.com/itunes/download/

Trust: 0.1

sources: VULHUB: VHN-160063 // VULMON: CVE-2019-8628 // BID: 108497 // JVNDB: JVNDB-2019-005041 // JVNDB: JVNDB-2019-013428 // JVNDB: JVNDB-2019-004252 // PACKETSTORM: 152849 // PACKETSTORM: 153116 // PACKETSTORM: 153117 // CNNVD: CNNVD-201905-504 // NVD: CVE-2019-8628

CREDITS

Apple, sakura of Tencent Xuanwu Lab, 01 working with Trend Micro's Zero Day Initiative, and dwfault working at ADLab of Venustec, Liu Long of Qihoo 360 Vulcan Team,Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab, jessica (@babyjess1ca_)of Tencent Keen Lab,G. Geshev working with Trend Micro Zero Day Initiative

Trust: 0.6

sources: CNNVD: CNNVD-201905-504

SOURCES

db:VULHUBid:VHN-160063
db:VULMONid:CVE-2019-8628
db:BIDid:108497
db:JVNDBid:JVNDB-2019-005041
db:JVNDBid:JVNDB-2019-013428
db:JVNDBid:JVNDB-2019-004252
db:PACKETSTORMid:152849
db:PACKETSTORMid:153116
db:PACKETSTORMid:153117
db:CNNVDid:CNNVD-201905-504
db:NVDid:CVE-2019-8628

LAST UPDATE DATE

2024-08-14T12:29:05.548000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-160063date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-8628date:2020-08-24T00:00:00
db:BIDid:108497date:2019-05-28T00:00:00
db:JVNDBid:JVNDB-2019-005041date:2019-06-14T00:00:00
db:JVNDBid:JVNDB-2019-013428date:2020-01-06T00:00:00
db:JVNDBid:JVNDB-2019-004252date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-504date:2020-08-25T00:00:00
db:NVDid:CVE-2019-8628date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:VULHUBid:VHN-160063date:2019-12-18T00:00:00
db:VULMONid:CVE-2019-8628date:2019-12-18T00:00:00
db:BIDid:108497date:2019-05-28T00:00:00
db:JVNDBid:JVNDB-2019-005041date:2019-06-14T00:00:00
db:JVNDBid:JVNDB-2019-013428date:2020-01-06T00:00:00
db:JVNDBid:JVNDB-2019-004252date:2019-05-30T00:00:00
db:PACKETSTORMid:152849date:2019-05-14T00:30:08
db:PACKETSTORMid:153116date:2019-05-29T13:23:53
db:PACKETSTORMid:153117date:2019-05-29T13:24:19
db:CNNVDid:CNNVD-201905-504date:2019-05-14T00:00:00
db:NVDid:CVE-2019-8628date:2019-12-18T18:15:30.333