Details of VAR-201912-0631

ID

VAR-201912-0631

CVE

CVE-2019-8628

TITLE

Apple iCloud for Windows Updates for vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-005041

DESCRIPTION

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation * Arbitrary code execution * information leak * Service operation interruption (DoS). WebKit is prone to a information-disclosure and multiple memory-corruption vulnerabilities. Successful exploits may allow attackers to obtain sensitive information or execute arbitrary code in the context of the affected system. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. WebKit is one of the web browser engine components. A buffer error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; Safari versions earlier than 12.1.1. Installation note: Safari 12.1.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-28-2 iCloud for Windows 7.12 iCloud for Windows 7.12 is now available and addresses the following: SQLite Available for: Windows 7 and later Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: Windows 7 and later Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: Windows 7 and later Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Installation note: iCloud for Windows 7.12 may be obtained from: https://support.apple.com/HT204283 Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlztSiMpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GVuhAA tweBnWjA8emUMYG5D2vwjBIW9NPmT2hwrc99HrHd7kEE0R9XS2ZQz1qZcpevzjUv X/fNQqpfdQZ58Jtrd5MTlG4xDBEgfyAZuPP15HPAAo81+0dolTmPO3jKcPbwxkrn Gcg8kvOhBVElk9uTn3nCN2EVlkwqNgGclRZALVxMWdix/KyvrTfyF600zX7pU+9T zz1cLcNTN2EjXxDQ3NzUkJ7o0U8XDwDkfxeKR05qKy3W6w2QIN4a03v0HE8q1jpJ 7kkTDGsRKDrsus0i7HX5FZWbl3fmt2Jynaenor4bXh9VYiFkifWZHR1E8Za24XsE o0rlk0m8OkdMxmHzcTM7jmRCxSg6IBDowgxriLY4rKQKgsUpPz7ZUc7/VZJwBnwP H5Pdwpd3yVZcxhmrguB2chx/c6Cebf+wLIP0wS+uqYdTmbGU/3gRIOuT0XYVJ1Rd Vp1K8ifQw7hb8VXqH/R42QGjfHtPl0lwLc/e8J29oDWQdAIt3IFWLDIrQez8s1ah /Bq12Mm56JFxfWdkJ7hXsxUss9dTM+eqARsm1g1HbWB/1LLcxIsFwUMK53Az8OuN xt1wr24zmE3yXsVzxJOPjeDK7/akz1R1GZYogR/Ynz3O1Puxno0qUrPzDJ2Hq1Vp hNRdKPmbN2ljIgtYEPc9dj5GHk0XOZbKcKCB6xrjxuY= =NGSy -----END PGP SIGNATURE-----

Trust: 3.78

sources: NVD: CVE-2019-8628 // JVNDB: JVNDB-2019-005041 // JVNDB: JVNDB-2019-013428 // JVNDB: JVNDB-2019-004252 // BID: 108497 // VULHUB: VHN-160063 // VULMON: CVE-2019-8628 // PACKETSTORM: 152849 // PACKETSTORM: 153116 // PACKETSTORM: 153117

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	12.1.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	10.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	12.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.5	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	12.3	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.12	Trust: 1.0
vendor:	apple	model:	icloud	scope:	gte	version:	10.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.5	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 10.4 earlier	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.4	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 10.4 (windows 10 18362.145 or later )	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.12 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.3 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.3 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.3 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.9.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1.1 (macos high sierra 10.13.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1.1 (macos mojave 10.14.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1.1 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.3 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.3 (apple tv hd)	Trust: 0.8
vendor:	apple	model:	airmac base station	scope:	lt	version:	update 7.9.1 earlier	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.12 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.9.5 earlier	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.9.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.9.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.9.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.7.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.7.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.7.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.6.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.4.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.3.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.3.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.7.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.9	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.6	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.5	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.4	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.11	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.10	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	icloud	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	ne	version:	12.9.5	Trust: 0.3
vendor:	apple	model:	icloud	scope:	ne	version:	7.12	Trust: 0.3

sources: BID: 108497 // JVNDB: JVNDB-2019-005041 // JVNDB: JVNDB-2019-013428 // JVNDB: JVNDB-2019-004252 // NVD: CVE-2019-8628

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8628
value:	HIGH
Trust: 1.0
JPCERT/CC:	JVNDB-2019-005041
value:	MEDIUM
Trust: 0.8
NVD:	CVE-2019-8628
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-504
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160063
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-8628
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8628
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
JPCERT/CC:	JVNDB-2019-005041
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-160063
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8628
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
JPCERT/CC:	JVNDB-2019-005041
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
NVD:	CVE-2019-8628
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-160063 // VULMON: CVE-2019-8628 // JVNDB: JVNDB-2019-005041 // JVNDB: JVNDB-2019-013428 // CNNVD: CNNVD-201905-504 // NVD: CVE-2019-8628

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.8

sources: VULHUB: VHN-160063 // JVNDB: JVNDB-2019-013428 // NVD: CVE-2019-8628

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-504

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-504

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005041

PATCH

title:	About the security content of iCloud for Windows 10.4	url:	https://support.apple.com/en-us/HT210212	Trust: 1.6
title:	HT210124	url:	https://support.apple.com/en-us/HT210124	Trust: 1.6
title:	HT210125	url:	https://support.apple.com/en-us/HT210125	Trust: 1.6
title:	HT210118	url:	https://support.apple.com/en-us/HT210118	Trust: 0.8
title:	HT210119	url:	https://support.apple.com/en-us/HT210119	Trust: 0.8
title:	HT210120	url:	https://support.apple.com/en-us/HT210120	Trust: 0.8
title:	HT210123	url:	https://support.apple.com/en-us/HT210123	Trust: 0.8
title:	HT210118	url:	https://support.apple.com/ja-jp/HT210118	Trust: 0.8
title:	HT210119	url:	https://support.apple.com/ja-jp/HT210119	Trust: 0.8
title:	HT210120	url:	https://support.apple.com/ja-jp/HT210120	Trust: 0.8
title:	HT210123	url:	https://support.apple.com/ja-jp/HT210123	Trust: 0.8
title:	HT210124	url:	https://support.apple.com/ja-jp/HT210124	Trust: 0.8
title:	HT210125	url:	https://support.apple.com/ja-jp/HT210125	Trust: 0.8
title:	HT210212	url:	https://support.apple.com/ja-jp/HT210212	Trust: 0.8
title:	About the security content of AirPort Base Station Firmware Update 7.9.1	url:	https://support.apple.com/en-us/HT210090	Trust: 0.8
title:	Multiple Apple product WebKit Fix for component buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92660	Trust: 0.6

sources: JVNDB: JVNDB-2019-005041 // JVNDB: JVNDB-2019-013428 // JVNDB: JVNDB-2019-004252 // CNNVD: CNNVD-201905-504

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8628	Trust: 3.2
db:	JVN	id:	JVNVU95342995	Trust: 1.6
db:	JVN	id:	JVNVU98453159	Trust: 1.6
db:	BID	id:	108497	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-005041	Trust: 0.8
db:	JVN	id:	JVNVU93988385	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013428	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-004252	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-504	Trust: 0.7
db:	PACKETSTORM	id:	152849	Trust: 0.7
db:	PACKETSTORM	id:	153117	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1698	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1922	Trust: 0.6
db:	VULHUB	id:	VHN-160063	Trust: 0.1
db:	VULMON	id:	CVE-2019-8628	Trust: 0.1
db:	PACKETSTORM	id:	153116	Trust: 0.1

sources: VULHUB: VHN-160063 // VULMON: CVE-2019-8628 // BID: 108497 // JVNDB: JVNDB-2019-005041 // JVNDB: JVNDB-2019-013428 // JVNDB: JVNDB-2019-004252 // PACKETSTORM: 152849 // PACKETSTORM: 153116 // PACKETSTORM: 153117 // CNNVD: CNNVD-201905-504 // NVD: CVE-2019-8628

REFERENCES

url:	https://support.apple.com/ht210118	Trust: 1.8
url:	https://support.apple.com/ht210119	Trust: 1.8
url:	https://support.apple.com/ht210120	Trust: 1.8
url:	https://support.apple.com/ht210123	Trust: 1.8
url:	https://support.apple.com/ht210124	Trust: 1.8
url:	https://support.apple.com/ht210125	Trust: 1.8
url:	https://support.apple.com/ht210212	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8628	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu98453159/	Trust: 1.6
url:	https://www.apple.com/	Trust: 0.9
url:	https://lists.apple.com/archives/security-announce/2019/may/msg00007.html	Trust: 0.9
url:	https://lists.apple.com/archives/security-announce/2019/may/msg00006.html	Trust: 0.9
url:	http://jvn.jp/cert/jvnvu95342995	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8628	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93988385/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu95342995/	Trust: 0.8
url:	https://www.securityfocus.com/bid/108497	Trust: 0.7
url:	https://support.apple.com/en-au/ht210123	Trust: 0.6
url:	https://support.apple.com/kb/ht210125	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80838	Trust: 0.6
url:	https://packetstormsecurity.com/files/153117/apple-security-advisory-2019-5-28-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/152849/apple-security-advisory-2019-5-13-5.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1922/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8587	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8615	Trust: 0.3
url:	https://support.apple.com/kb/ht201222	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8610	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8611	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6237	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8595	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8607	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8584	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8623	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8601	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8583	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8596	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8608	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8586	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8597	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8571	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8619	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8622	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8594	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8609	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8598	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8602	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8577	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8600	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2019/may/25	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1

CREDITS

Apple, sakura of Tencent Xuanwu Lab, 01 working with Trend Micro's Zero Day Initiative, and dwfault working at ADLab of Venustec, Liu Long of Qihoo 360 Vulcan Team,Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab, jessica (@babyjess1ca_)of Tencent Keen Lab,G. Geshev working with Trend Micro Zero Day Initiative

Trust: 0.6

sources: CNNVD: CNNVD-201905-504

SOURCES

db:	VULHUB	id:	VHN-160063
db:	VULMON	id:	CVE-2019-8628
db:	BID	id:	108497
db:	JVNDB	id:	JVNDB-2019-005041
db:	JVNDB	id:	JVNDB-2019-013428
db:	JVNDB	id:	JVNDB-2019-004252
db:	PACKETSTORM	id:	152849
db:	PACKETSTORM	id:	153116
db:	PACKETSTORM	id:	153117
db:	CNNVD	id:	CNNVD-201905-504
db:	NVD	id:	CVE-2019-8628

LAST UPDATE DATE

2024-08-14T12:29:05.548000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160063	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-8628	date:	2020-08-24T00:00:00
db:	BID	id:	108497	date:	2019-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-005041	date:	2019-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-013428	date:	2020-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-004252	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-504	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-8628	date:	2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160063	date:	2019-12-18T00:00:00
db:	VULMON	id:	CVE-2019-8628	date:	2019-12-18T00:00:00
db:	BID	id:	108497	date:	2019-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-005041	date:	2019-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-013428	date:	2020-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-004252	date:	2019-05-30T00:00:00
db:	PACKETSTORM	id:	152849	date:	2019-05-14T00:30:08
db:	PACKETSTORM	id:	153116	date:	2019-05-29T13:23:53
db:	PACKETSTORM	id:	153117	date:	2019-05-29T13:24:19
db:	CNNVD	id:	CNNVD-201905-504	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-8628	date:	2019-12-18T18:15:30.333