Vulnerability CVE-2019-8558

Vulnerability CVE-2019-8558

Published: 2019-12-18

Description:

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

See advisories in our WLB2 database:

	Topic	Author	Date
High	JavaScriptCore CodeBlock Use-After-Free	saelo	02.04.2019

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Apple -> Icloud
Apple -> Itunes
Apple -> Safari
Apple -> Iphone os
Apple -> TVOS
Apple -> Watchos

References:

https://support.apple.com/HT209599

https://support.apple.com/HT209601

https://support.apple.com/HT209602

https://support.apple.com/HT209603

https://support.apple.com/HT209604

https://support.apple.com/HT209605

Copyright 2024, cxsecurity.com