Details of VAR-201912-0821

ID

VAR-201912-0821

CVE

CVE-2019-6207

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-001923

DESCRIPTION

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. An out-of-bounds read vulnerability exists in the Kernel component of Apple iOS versions prior to 12.2, tvOS versions prior to 12.2, and macOS Mojave versions prior to 10.14.4. CVE-2019-8546: ChiYuan Chang Passcode Available for: Apple Watch Series 1 and later Impact: A partially entered passcode may not clear when the device goes to sleep Description: An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-25-1 iOS 12.2 iOS 12.2 is now available and addresses the following: CFString Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc. configd Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher Exchange ActiveSync Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure Description: This issue was addressed with improved transparency. CVE-2019-8512: an anonymous researcher, an anonymous researcher FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing Description: An issue existed in the pausing of FaceTime video. CVE-2019-8550: Lauren Guzniczak of Keystone Academy Feedback Assistant Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs Feedback Assistant Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs file Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher GeoServices Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Clicking a malicious SMS link may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2019-8553: an anonymous researcher iAP Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8504: an anonymous researcher IOKit SCSI Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted mail message may lead to S/MIME signature spoofing Description: This issue was addressed with improved checks. CVE-2019-7284: Damian Poddebniak of Münster University of Applied Sciences Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang Power Management Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com) Privacy Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious app may be able to track users between installs Description: A privacy issue existed in motion sensor calibration. CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the University of Cambridge, Ian Sheret of Polymath Insight Limited ReplayKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to access the microphone without indication to the user Description: An API issue existed in the handling of microphone data. CVE-2019-8566: an anonymous researcher Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A website may be able to access sensor information without user consent Description: A permissions issue existed in the handling of motion and orientation data. CVE-2019-8554: an anonymous researcher Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-6204: Ryan Pickren (ryanpickren.com) CVE-2019-8505: Ryan Pickren (ryanpickren.com) Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest TrueTypeScaler Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-8551: Ryan Pickren (ryanpickren.com) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6201: dwfault working with ADLab of Venustech CVE-2019-8518: Samuel Groß of Google Project Zero CVE-2019-8523: Apple CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8558: Samuel Groß of Google Project Zero CVE-2019-8559: Apple CVE-2019-8563: Apple WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption issue was addressed with improved validation. CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A website may be able to access the microphone without the microphone use indicator being shown Description: A consistency issue was addressed with improved state handling. CVE-2019-6222: Denis Markov of Resonance Software WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8536: Apple CVE-2019-8544: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cross-origin issue existed with the fetch API. CVE-2019-8515: James Lee (@Windowsrcer) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-7285: dwfault working at ADLab of Venustech CVE-2019-8556: Apple WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8506: Samuel Groß of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to execute scripts in the context of another website Description: A logic issue was addressed with improved validation. CVE-2019-8503: Linus Särud of Detectify WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A validation issue was addressed with improved logic. CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8567: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt XPC Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs Additional recognition Books We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Calendar We would like to acknowledge Peter Hempsall of 104days.com, Sascha Mogler of mogler.com, and an anonymous researcher for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Quick Look We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Safari We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance. Screen Time We would like to acknowledge Brandon Moore (@Brandonsecurity) for their assistance. WebKit We would like to acknowledge Andrey Kovalev of Yandex Security Team for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7opHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GIIBAA kEosQIr8/w6Qjtw2KzO753EFWM0kp4Ylv1Z0hlrAAX3YROpt18Xq+RWTgJ+3yhXu 136ZfBYEOJx+Jxv7nokB+ZvP1832WqccV1XU4XVxxsGvEshyFeXrIWxHz9a6aTi9 ozTTzJ5N9pZnd+ImJp51TQ8Q38KoqUPMU2stTr/SYE43S/9bz28fFTXHBS6WQBMz fgevfhMV0Ty3QnuIpLeeCZ1SwC51a0yZ/BV88E+G8xgplgh2R8Mc2bZosP8JIjMx 7KdtpBh30+BvB++MzteQG0gE+aIs6p4CLPgzkm67UZApbKIlYJxkZXv/pIy+DdS1 LGwBwZ5TRJ73uAGZO7jtpx6FNN3sSthI84y5x7df+hretVSFTqsEAErcI4Ns8HiD m3Jd3OJxMBEGC7SVz+r8IfkwnyQxurQMDj063ojsT6HBUOTZcYn6VX/h37MCwnO4 +GVFivjZklbp/lt7WiGs2j4mDs7jgt5SsNm0K3Nm/2EOT3I2HNc/8msJBbH/uF9h dVYsC8+7uEDqHIQ30FO2NCUzJrtjWHA1rxLS0XnY1uvv/09LjPMc/Y1VuIuvKSuZ Xv7+V5tCjaZRMow6IwH0qON30O0puRr6YnJchRO7TILCoW5bibzX5oxeJm2E6lsK SjGjz4yWGw+2VFkNkFbbA8OKSZYk4ck2WdWgf6s0Vgc= =VAWG -----END PGP SIGNATURE-----= . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and addresses the following: AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. CVE-2019-8508: Dr. CVE-2019-8561: Jaron Bradley of Crowdstrike Perl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: Multiple issues in Perl Description: Multiple issues in Perl were addressed in this update

Trust: 2.16

sources: NVD: CVE-2019-6207 // JVNDB: JVNDB-2019-001923 // VULHUB: VHN-157642 // VULMON: CVE-2019-6207 // PACKETSTORM: 152277 // PACKETSTORM: 152227 // PACKETSTORM: 152222 // PACKETSTORM: 152225

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.4	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	12.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	12.2	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	5.2	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.11 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.2 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.4 for windows earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2019-002 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.4 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2019-002 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.2 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.2 earlier	Trust: 0.8
vendor:	apple	model:	xcode	scope:	lt	version:	10.2 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2019-001923 // NVD: CVE-2019-6207

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6207
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201903-950
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-157642
value:	LOW
Trust: 0.1
VULMON:	CVE-2019-6207
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-6207
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-157642
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6207
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-157642 // VULMON: CVE-2019-6207 // CNNVD: CNNVD-201903-950 // NVD: CVE-2019-6207

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.1

sources: VULHUB: VHN-157642 // NVD: CVE-2019-6207

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-950

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-950

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001923

PATCH

title:	About the security content of iCloud for Windows 7.11	url:	https://support.apple.com/en-us/HT209605	Trust: 0.8
title:	About the security content of watchOS 5.2	url:	https://support.apple.com/en-us/HT209602	Trust: 0.8
title:	About the security content of iOS 12.2	url:	https://support.apple.com/en-us/HT209599	Trust: 0.8
title:	About the security content of Xcode 10.2	url:	https://support.apple.com/en-us/HT209606	Trust: 0.8
title:	About the security content of tvOS 12.2	url:	https://support.apple.com/en-us/HT209601	Trust: 0.8
title:	About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra	url:	https://support.apple.com/en-us/HT209600	Trust: 0.8
title:	About the security content of Safari 12.1	url:	https://support.apple.com/en-us/HT209603	Trust: 0.8
title:	About the security content of iTunes 12.9.4 for Windows	url:	https://support.apple.com/en-us/HT209604	Trust: 0.8
title:	Apple iOS , tvOS and macOS Mojave Kernel Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90394	Trust: 0.6
title:	Apple: watchOS 5.2	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=2535ab738191c2105f7d40d8c90ed298	Trust: 0.1
title:	Apple: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=71ec5bcffc9e0f0f386b31db20244ce1	Trust: 0.1
title:	cve-2019-6207	url:	https://github.com/DimitriFourny/cve-2019-6207	Trust: 0.1
title:	CVE-2019-6207	url:	https://github.com/dothanthitiendiettiende/CVE-2019-6207	Trust: 0.1
title:	CVE-2019-6207	url:	https://github.com/maldiohead/CVE-2019-6207	Trust: 0.1
title:	sec-daily-2019	url:	https://github.com/alphaSeclab/sec-daily-2019	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC	url:	https://github.com/Jonathan-Elias/PoC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/ios-122-patches-over-50-security-vulnerabilities/	Trust: 0.1

sources: VULMON: CVE-2019-6207 // JVNDB: JVNDB-2019-001923 // CNNVD: CNNVD-201903-950

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6207	Trust: 3.0
db:	PACKETSTORM	id:	152277	Trust: 0.8
db:	JVN	id:	JVNVU93236010	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-001923	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-950	Trust: 0.7
db:	PACKETSTORM	id:	152227	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1032	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0991	Trust: 0.6
db:	VULHUB	id:	VHN-157642	Trust: 0.1
db:	VULMON	id:	CVE-2019-6207	Trust: 0.1
db:	PACKETSTORM	id:	152222	Trust: 0.1
db:	PACKETSTORM	id:	152225	Trust: 0.1

sources: VULHUB: VHN-157642 // VULMON: CVE-2019-6207 // JVNDB: JVNDB-2019-001923 // PACKETSTORM: 152277 // PACKETSTORM: 152227 // PACKETSTORM: 152222 // PACKETSTORM: 152225 // CNNVD: CNNVD-201903-950 // NVD: CVE-2019-6207

REFERENCES

url:	https://support.apple.com/ht209599	Trust: 1.8
url:	https://support.apple.com/ht209600	Trust: 1.8
url:	https://support.apple.com/ht209601	Trust: 1.8
url:	https://support.apple.com/ht209602	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6207	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8510	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8553	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8513	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8558	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8519	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8559	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8520	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8522	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8563	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6239	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8526	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8507	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8533	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8508	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8537	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6232	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8520	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8561	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6236	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8522	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8562	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6239	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8526	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8563	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8556	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8507	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8533	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8565	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8555	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8508	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8537	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8567	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8553	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8510	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8554	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8513	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8558	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6207	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8519	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8559	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93236010/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6232	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8561	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6236	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8562	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8565	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8567	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8556	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8555	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8554	Trust: 0.8
url:	https://support.apple.com/en-au/ht209599	Trust: 0.6
url:	https://support.apple.com/en-au/ht209602	Trust: 0.6
url:	https://support.apple.com/en-us/ht209602	Trust: 0.6
url:	https://packetstormsecurity.com/files/152227/apple-security-advisory-2019-3-25-1.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht209600	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-28854	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77810	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77986	Trust: 0.6
url:	https://packetstormsecurity.com/files/152277/apple-security-advisory-2019-3-27-1.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8514	Trust: 0.4
url:	https://support.apple.com/kb/ht201222	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8502	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8516	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6237	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8527	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8517	Trust: 0.4
url:	https://www.apple.com/support/security/pgp/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7293	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8511	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8540	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8518	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8506	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7292	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8530	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8544	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8536	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8542	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8545	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7286	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8549	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8524	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6201	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7285	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8523	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8521	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8503	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8504	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8515	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8529	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://github.com/dimitrifourny/cve-2019-6207	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht209602	Trust: 0.1
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8546	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8552	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8541	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8548	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7284	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8505	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6204	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18313	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12015	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18311	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8535	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8551	Trust: 0.1

CREDITS

Apple,Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)

Trust: 0.6

sources: CNNVD: CNNVD-201903-950

SOURCES

db:	VULHUB	id:	VHN-157642
db:	VULMON	id:	CVE-2019-6207
db:	JVNDB	id:	JVNDB-2019-001923
db:	PACKETSTORM	id:	152277
db:	PACKETSTORM	id:	152227
db:	PACKETSTORM	id:	152222
db:	PACKETSTORM	id:	152225
db:	CNNVD	id:	CNNVD-201903-950
db:	NVD	id:	CVE-2019-6207

LAST UPDATE DATE

2024-08-14T12:35:43.720000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-157642	date:	2019-12-22T00:00:00
db:	VULMON	id:	CVE-2019-6207	date:	2019-12-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-001923	date:	2020-01-06T00:00:00
db:	CNNVD	id:	CNNVD-201903-950	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2019-6207	date:	2019-12-22T15:44:20.857

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-157642	date:	2019-12-18T00:00:00
db:	VULMON	id:	CVE-2019-6207	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-001923	date:	2019-03-29T00:00:00
db:	PACKETSTORM	id:	152277	date:	2019-03-28T16:23:02
db:	PACKETSTORM	id:	152227	date:	2019-03-26T14:43:20
db:	PACKETSTORM	id:	152222	date:	2019-03-26T14:40:53
db:	PACKETSTORM	id:	152225	date:	2019-03-26T14:42:33
db:	CNNVD	id:	CNNVD-201903-950	date:	2019-03-26T00:00:00
db:	NVD	id:	CVE-2019-6207	date:	2019-12-18T18:15:21.053