ID

VAR-202010-0144


CVE

CVE-2019-8836


TITLE

plural Apple Product Corruption Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-015878

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. IOUSBDeviceFamily is one of the components used to support device-host communication via USB. A security vulnerability exists in the IOUSBDeviceFamily component in several Apple products. The following products and versions are affected: Apple watchOS earlier than 6.1.1; tvOS earlier than 13.3; iOS earlier than 13.3; iPadOS earlier than 13.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3 iOS 13.3 and iPadOS 13.3 is now available and addresses the following: CallKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans Description: An API issue existed in the handling of outgoing phone calls initiated with Siri. CVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL CFNetwork Proxies Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team FaceTime Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8830: Natalie Silvanovich of Google Project Zero IOSurfaceAccelerator Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2019-8841: Corellium IOUSBDeviceFamily Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8833: Ian Beer of Google Project Zero Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8828: Cim Stordal of Cognite CVE-2019-8838: Dr Silvio Cesare of InfoSect libexpat Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: This issue was addressed by updating to expat version 2.2.8. CVE-2019-15903: Joonun Jang Photos Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel Description: The issue was addressed with improved validation when an iCloud Link is created. CVE-2019-8857: Tor Bruce Security Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8832: Insu Yun of SSLab at Georgia Tech WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8835: Anonymous working with Trend Micro's Zero Day Initiative, Mike Zhang of Pangu Team CVE-2019-8844: William Bowling (@wcbowling) WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8846: Marcin Towalski of Cisco Talos Additional recognition Accounts We would like to acknowledge Kishan Bagaria (KishanBagaria.com <http://kishanbagaria.com/>) and Tom Snelling of Loughborough University for their assistance. Core Data We would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance. Settings We would like to acknowledge an anonymous researcher for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ <https://www.apple.com/itunes/> iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 13.3 and iPadOS 13.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 <https://support.apple.com/kb/HT201222> This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ <https://www.apple.com/support/security/pgp/> -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl3wFpoACgkQBz4uGe3y 0M18fQ//WhVI4LKBRFvq8A5p7T8wwMklItFubvFzcxAec3ZHIYAXTTLpvZWNKCrc wvqlPkNBs1onvaq6LPddeL9uMWgBB0iiks6HX5oRrHuvutiRGC1n8VzJCgW8BWwI 7CNFNBXl4iBflupZlCnSdbwbDkJSyNN+DvouxzfXMqbpdnjV1NVNtlM/WrdFnVgU vqAnxY7FEFrwgyU/zAbfyo5S4qJ2fRC9MPiO3Tiq+abVEcprQ4wSmKJUtgvgudOX witjbU8I9eKz2H5jq555gkq4yZVHjg7vDhj1Ln1Zm2bO2PM5A6dsXsSCwzIYaqvF /wbrOuVbw1f1F4mD8Oq7IFHXsoWysUnOPEApeKE7L0XvH7CmCDccd7k9txOIRWRt 2rj+8YqGvo1fXKnIULVgtltbnxMKhZJO6ISZnTQ+3CnNfWEgXx+dNVDBB1HIGooJ JkpldVmjNXBts/DV0FEZXbYLVWCk90D0sSeMTE64v9U6v690JVGoXHynhYhui4IX gSbbcvwslD8MLHyK1E29t7X3XdIGVuzcq+OJ7oFn7T1lX14UflvKRNkEDDfc4Tsj lllrvrU084mWQaryldWIGzDNDT7O4RDsTCKzEPYSqXm3mxP13jZj1sDv1f1/2FdQ GmjCFIvlnYZeHB2mbStt3T9LXe7tuaF1TIYnG103h/SQEmwfiOk= =m//a -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About"

Trust: 2.07

sources: NVD: CVE-2019-8836 // JVNDB: JVNDB-2019-015878 // VULHUB: VHN-160271 // VULMON: CVE-2019-8836 // PACKETSTORM: 155643 // PACKETSTORM: 155670 // PACKETSTORM: 155640

AFFECTED PRODUCTS

vendor:applemodel:ipadosscope:ltversion:13.3.1

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.3.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.3.1

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.1.2

Trust: 1.0

vendor:applemodel:iosscope:eqversion:13.3.1 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.3.1 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.3.1 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.3.1 未満 (apple tv hd)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.3.1 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:6.1.2 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.3.1 未満 (ipad mini 4 以降)

Trust: 0.8

sources: JVNDB: JVNDB-2019-015878 // NVD: CVE-2019-8836

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8836
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015878
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201912-483
value: HIGH

Trust: 0.6

VULHUB: VHN-160271
value: HIGH

Trust: 0.1

VULMON: CVE-2019-8836
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-8836
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015878
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160271
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8836
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015878
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160271 // VULMON: CVE-2019-8836 // JVNDB: JVNDB-2019-015878 // CNNVD: CNNVD-201912-483 // NVD: CVE-2019-8836

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-160271 // JVNDB: JVNDB-2019-015878 // NVD: CVE-2019-8836

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-483

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-483

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015878

PATCH

title:HT210918url:https://support.apple.com/en-us/HT210918

Trust: 0.8

title:HT210920url:https://support.apple.com/en-us/HT210920

Trust: 0.8

title:HT210921url:https://support.apple.com/en-us/HT210921

Trust: 0.8

title:HT210918url:https://support.apple.com/ja-jp/HT210918

Trust: 0.8

title:HT210920url:https://support.apple.com/ja-jp/HT210920

Trust: 0.8

title:HT210921url:https://support.apple.com/ja-jp/HT210921

Trust: 0.8

title:Multiple Apple product IOUSBDeviceFamily Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105333

Trust: 0.6

title:Apple: watchOS 6.1.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d070c4235862ff7520377ed51b851242

Trust: 0.1

title:Apple: tvOS 13.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=47fac1737cdf117ddff1611c1b055dc6

Trust: 0.1

title:Apple: iOS 13.3 and iPadOS 13.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b7ac13606c61b1f11a22b4bfa7f9975c

Trust: 0.1

sources: VULMON: CVE-2019-8836 // JVNDB: JVNDB-2019-015878 // CNNVD: CNNVD-201912-483

EXTERNAL IDS

db:NVDid:CVE-2019-8836

Trust: 2.9

db:JVNid:JVNVU95678717

Trust: 0.8

db:JVNDBid:JVNDB-2019-015878

Trust: 0.8

db:CNNVDid:CNNVD-201912-483

Trust: 0.7

db:PACKETSTORMid:155670

Trust: 0.7

db:AUSCERTid:ESB-2019.4629

Trust: 0.6

db:CNVDid:CNVD-2020-03862

Trust: 0.1

db:VULHUBid:VHN-160271

Trust: 0.1

db:VULMONid:CVE-2019-8836

Trust: 0.1

db:PACKETSTORMid:155643

Trust: 0.1

db:PACKETSTORMid:155640

Trust: 0.1

sources: VULHUB: VHN-160271 // VULMON: CVE-2019-8836 // JVNDB: JVNDB-2019-015878 // PACKETSTORM: 155643 // PACKETSTORM: 155670 // PACKETSTORM: 155640 // CNNVD: CNNVD-201912-483 // NVD: CVE-2019-8836

REFERENCES

url:https://support.apple.com/en-us/ht210918

Trust: 1.8

url:https://support.apple.com/en-us/ht210920

Trust: 1.8

url:https://support.apple.com/en-us/ht210921

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8836

Trust: 1.7

url:https://support.apple.com/kb/ht201222

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8836

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95678717/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.4629/

Trust: 0.6

url:https://packetstormsecurity.com/files/155670/apple-security-advisory-2019-12-10-1.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-31120

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-8832

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8848

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8838

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8844

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8828

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8830

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8833

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-8846

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8835

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8856

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/172826

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8841

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:http://kishanbagaria.com/>)

Trust: 0.1

url:https://www.apple.com/support/security/pgp/>

Trust: 0.1

url:https://support.apple.com/kb/ht201222>

Trust: 0.1

url:https://www.apple.com/itunes/>

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8857

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

sources: VULHUB: VHN-160271 // VULMON: CVE-2019-8836 // JVNDB: JVNDB-2019-015878 // PACKETSTORM: 155643 // PACKETSTORM: 155670 // PACKETSTORM: 155640 // CNNVD: CNNVD-201912-483 // NVD: CVE-2019-8836

CREDITS

Apple

Trust: 0.9

sources: PACKETSTORM: 155643 // PACKETSTORM: 155670 // PACKETSTORM: 155640 // CNNVD: CNNVD-201912-483

SOURCES

db:VULHUBid:VHN-160271
db:VULMONid:CVE-2019-8836
db:JVNDBid:JVNDB-2019-015878
db:PACKETSTORMid:155643
db:PACKETSTORMid:155670
db:PACKETSTORMid:155640
db:CNNVDid:CNNVD-201912-483
db:NVDid:CVE-2019-8836

LAST UPDATE DATE

2024-08-14T13:02:03.411000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-160271date:2020-10-28T00:00:00
db:VULMONid:CVE-2019-8836date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2019-015878date:2021-01-28T05:11:37
db:CNNVDid:CNNVD-201912-483date:2021-08-16T00:00:00
db:NVDid:CVE-2019-8836date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:VULHUBid:VHN-160271date:2020-10-27T00:00:00
db:VULMONid:CVE-2019-8836date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2019-015878date:2021-01-28T05:11:37
db:PACKETSTORMid:155643date:2019-12-12T00:18:11
db:PACKETSTORMid:155670date:2019-12-14T12:22:22
db:PACKETSTORMid:155640date:2019-12-12T00:16:21
db:CNNVDid:CNNVD-201912-483date:2019-12-11T00:00:00
db:NVDid:CVE-2019-8836date:2020-10-27T20:15:20.737