Vulnerability-Lookup

CVE-2019-8526 (GCVE-0-2019-8526)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2025-10-21 23:35

CISA KEV

Summary

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: active Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

An application may be able to gain elevated privileges
CWE-416 - Use After Free

Assigner

apple

References

2 references

URL	Tags
https://support.apple.com/HT209600	x_refsource_MISC
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

Impacted products

1 product

Vendor	Product	Version
Apple	macOS	Affected: unspecified , < macOS Mojave 10.14.4 (custom)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: db867160-d5d7-42c9-9e00-e70a3948ca1c

Vulnerability ID: CVE-2019-8526

Status: Confirmed

Status Updated: 2023-04-17 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2023-04-17

Asserted: 2023-04-17

Scope

Notes: KEV entry: Apple macOS Use-After-Free Vulnerability | Affected: Apple / macOS | Description: Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT209600; https://nvd.nist.gov/vuln/detail/CVE-2019-8526

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-416
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	macOS
Due Date	2023-05-08
Date Added	2023-04-17
Vendorproject	Apple
Vulnerabilityname	Apple macOS Use-After-Free Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2019-8526

Created: 2026-02-02 12:27 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:31.572Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT209600"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-8526",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T17:41:01.734419Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-04-17",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8526"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:55.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8526"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-04-17T00:00:00.000Z",
            "value": "CVE-2019-8526 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "macOS Mojave 10.14.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An application may be able to gain elevated privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:33:16.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT209600"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8526",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "macOS Mojave 10.14.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "An application may be able to gain elevated privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT209600",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT209600"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8526",
    "datePublished": "2019-12-18T17:33:16.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:55.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2019-8526",
      "cwes": "[\"CWE-416\"]",
      "dateAdded": "2023-04-17",
      "dueDate": "2023-05-08",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.apple.com/en-us/HT209600; https://nvd.nist.gov/vuln/detail/CVE-2019-8526",
      "product": "macOS",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple macOS Use-After-Free Vulnerability"
    },
    "epss": {
      "cve": "CVE-2019-8526",
      "date": "2026-06-01",
      "epss": "0.0021",
      "percentile": "0.4341"
    },
    "fkie_nvd": {
      "cisaActionDue": "2023-05-08",
      "cisaExploitAdd": "2023-04-17",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Apple macOS Use-After-Free Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.14.4\", \"matchCriteriaId\": \"09CDBB72-2A0D-4321-BA1F-4FB326A5646A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.\"}, {\"lang\": \"es\", \"value\": \"Un problema de la memoria previamente liberada fue abordado con una mejor administraci\\u00f3n de memoria. Este problema es corregido en macOS Mojave versi\\u00f3n 10.14.4. Una aplicaci\\u00f3n puede obtener privilegios elevados.\"}]",
      "id": "CVE-2019-8526",
      "lastModified": "2024-11-21T04:50:00.187",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-12-18T18:15:24.223",
      "references": "[{\"url\": \"https://support.apple.com/HT209600\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT209600\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-8526\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-12-18T18:15:24.223\",\"lastModified\":\"2025-10-23T18:52:38.643\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.\"},{\"lang\":\"es\",\"value\":\"Un problema de la memoria previamente liberada fue abordado con una mejor administraci\u00f3n de memoria. Este problema es corregido en macOS Mojave versi\u00f3n 10.14.4. Una aplicaci\u00f3n puede obtener privilegios elevados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2023-04-17\",\"cisaActionDue\":\"2023-05-08\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apple macOS Use-After-Free Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.14.4\",\"matchCriteriaId\":\"09CDBB72-2A0D-4321-BA1F-4FB326A5646A\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT209600\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT209600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8526\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/HT209600\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T21:17:31.572Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-8526\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T17:41:01.734419Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-04-17\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8526\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-04-17T00:00:00.000Z\", \"value\": \"CVE-2019-8526 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8526\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T17:28:25.734Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"macOS Mojave 10.14.4\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/HT209600\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"An application may be able to gain elevated privileges\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2019-12-18T17:33:16.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"macOS Mojave 10.14.4\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"macOS\"}]}, \"vendor_name\": \"Apple\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://support.apple.com/HT209600\", \"name\": \"https://support.apple.com/HT209600\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"An application may be able to gain elevated privileges\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-8526\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"product-security@apple.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2019-8526\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:35:55.289Z\", \"dateReserved\": \"2019-02-18T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2019-12-18T17:33:16.000Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2019-AVI-129

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS versions antérieures à 12.2
Apple	macOS	Apple macOS Mojave versions antérieures à 10.14.4
Apple	macOS	Apple macOS High Sierra sans le correctif de sécurité 2019-002
Apple	N/A	Apple iTunes pour Windows versions antérieures à 12.9.4
Apple	N/A	Apple tvOS versions antérieures à 12.2
Apple	macOS	Apple macOS Sierra sans le correctif de sécurité 2019-002
Apple	N/A	Apple Xcode versions antérieures à 10.2
Apple	N/A	Apple iCloud pour Windows versions antérieures à 7.1
Apple	Safari	Apple Safari versions antérieures à 12.1

References

Title

Publication Time

CERTFR-2019-AVI-129

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS versions antérieures à 12.2
Apple	macOS	Apple macOS Mojave versions antérieures à 10.14.4
Apple	macOS	Apple macOS High Sierra sans le correctif de sécurité 2019-002
Apple	N/A	Apple iTunes pour Windows versions antérieures à 12.9.4
Apple	N/A	Apple tvOS versions antérieures à 12.2
Apple	macOS	Apple macOS Sierra sans le correctif de sécurité 2019-002
Apple	N/A	Apple Xcode versions antérieures à 10.2
Apple	N/A	Apple iCloud pour Windows versions antérieures à 7.1
Apple	Safari	Apple Safari versions antérieures à 12.1

References

Title

Publication Time

CNVD-2019-21975

Vulnerability from cnvd - Published: 2019-07-09

Title

Apple macOS Mojave Security内存错误引用漏洞

Description

Apple macOS Mojave是美国苹果（Apple）公司的一套专为Mac计算机所开发的专用操作系统。Security是其中的一个安全组件。 Apple macOS Mojave 10.14.4之前版本中的Security组件存在内存错误引用漏洞。攻击者可利用该漏洞获取提升的权限。

Severity

高

Patch Name

Apple macOS Mojave Security内存错误引用漏洞的补丁

Patch Description

Apple macOS Mojave是美国苹果（Apple）公司的一套专为Mac计算机所开发的专用操作系统。Security是其中的一个安全组件。 Apple macOS Mojave 10.14.4之前版本中的Security组件存在内存错误引用漏洞。攻击者可利用该漏洞获取提升的权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT209600

Reference

https://support.apple.com/zh-cn/HT209600

Impacted products

Name
Apple macOS Mojave <10.14.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-8526",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8526"
    }
  },
  "description": "Apple macOS Mojave\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Security\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5b89\u5168\u7ec4\u4ef6\u3002\n\nApple macOS Mojave 10.14.4\u4e4b\u524d\u7248\u672c\u4e2d\u7684Security\u7ec4\u4ef6\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002",
  "discovererName": "Linus Henze",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT209600",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-21975",
  "openTime": "2019-07-09",
  "patchDescription": "Apple macOS Mojave\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Security\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5b89\u5168\u7ec4\u4ef6\u3002\r\n\r\nApple macOS Mojave 10.14.4\u4e4b\u524d\u7248\u672c\u4e2d\u7684Security\u7ec4\u4ef6\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS Mojave Security\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple macOS Mojave \u003c10.14.4"
  },
  "referenceLink": "https://support.apple.com/zh-cn/HT209600",
  "serverity": "\u9ad8",
  "submitTime": "2019-03-28",
  "title": "Apple macOS Mojave Security\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e"
}

FKIE_CVE-2019-8526

Vulnerability from fkie_nvd - Published: 2019-12-18 18:15 - Updated: 2025-10-23 18:52

CISA KEV

Severity

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT209600	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT209600	Release Notes, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8526	US Government Resource

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*

JSON

To clipboard

{
  "cisaActionDue": "2023-05-08",
  "cisaExploitAdd": "2023-04-17",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Apple macOS Use-After-Free Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CDBB72-2A0D-4321-BA1F-4FB326A5646A",
              "versionEndExcluding": "10.14.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges."
    },
    {
      "lang": "es",
      "value": "Un problema de la memoria previamente liberada fue abordado con una mejor administraci\u00f3n de memoria. Este problema es corregido en macOS Mojave versi\u00f3n 10.14.4. Una aplicaci\u00f3n puede obtener privilegios elevados."
    }
  ],
  "id": "CVE-2019-8526",
  "lastModified": "2025-10-23T18:52:38.643",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2019-12-18T18:15:24.223",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT209600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT209600"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8526"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-P8M9-GXW7-G5PF

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2025-10-22 00:31

Details

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.

Severity

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-8526"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-18T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.",
  "id": "GHSA-p8m9-gxw7-g5pf",
  "modified": "2025-10-22T00:31:49Z",
  "published": "2022-05-24T17:04:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8526"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT209600"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8526"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-8526

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.

Aliases

CVE-2019-8526

Aliases

CVE-2019-8526

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-8526",
    "description": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.",
    "id": "GSD-2019-8526"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-8526"
      ],
      "details": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.",
      "id": "GSD-2019-8526",
      "modified": "2023-12-13T01:23:48.170159Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-8526",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "macOS Mojave 10.14.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An application may be able to gain elevated privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT209600",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT209600"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.14.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8526"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT209600",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT209600"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-12-20T23:00Z",
      "publishedDate": "2019-12-18T18:15Z"
    }
  }
}

VAR-201912-0546

Vulnerability from variot - Updated: 2023-12-18 11:30

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Security is one of the security components. A use-after-free vulnerability exists in the Security component in versions prior to Apple macOS Mojave 10.14.4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra

macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and addresses the following:

AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team

Bom Available for: macOS Mojave 10.14.3 Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2019-6239: Ian Moorhouse and Michael Trimm

CFString Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc. CVE-2019-8552: Mohamed Ghannam (@_simo36)

Contacts Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher

CoreCrypto Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher

DiskArbitration Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2019-8522: Colin Meginnis (@falc420)

FaceTime Available for: macOS Mojave 10.14.3 Impact: A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing Description: An issue existed in the pausing of FaceTime video. CVE-2019-8550: Lauren Guzniczak of Keystone Academy

Feedback Assistant Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs

Feedback Assistant Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs

file Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher

Graphics Drivers Available for: macOS Mojave 10.14.3 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII) and Junzhi Lu of Trend Micro Research working with Trend Micro's Zero Day Initiative

iAP Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher

IOGraphics Available for: macOS Mojave 10.14.3 Impact: A Mac may not lock when disconnecting from an external monitor Description: A lock handling issue was addressed with improved lock handling. CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT

IOHIDFamily Available for: macOS Mojave 10.14.3 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

IOKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8504: an anonymous researcher

IOKit SCSI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro

Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)

Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8508: Dr. Silvio Cesare of InfoSect

Kernel Available for: macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero

Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team

Kernel Available for: macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google

Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG

Messages Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang

Notes Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view a user's locked notes Description: An access issue was addressed with improved memory management. CVE-2019-8537: Greg Walker (gregwalker.us)

PackageKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2019-8561: Jaron Bradley of Crowdstrike

Perl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: Multiple issues in Perl Description: Multiple issues in Perl were addressed in this update. CVE-2018-12015: Jakub Wilk CVE-2018-18311: Jayakrishna Menon CVE-2018-18313: Eiichi Tsukata

Power Management Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)

QuartzCore Available for: macOS Mojave 10.14.3 Impact: Processing malicious data may lead to unexpected application termination Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8507: Kai Lu or Fortinet's FortiGuard Labs

Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8526: Linus Henze (pinauten.de)

Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre (NCSC)

Siri Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest

Time Machine Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to execute arbitrary shell commands Description: This issue was addressed with improved checks. CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs

TrueTypeScaler Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative

XPC Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs

Additional recognition

Accounts We would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt for their assistance.

Books We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

Mail We would like to acknowledge Craig Young of Tripwire VERT and Hanno Böck for their assistance.

Time Machine We would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance.

Installation note:

macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9 FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33 iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p 7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J +9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7 OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0 zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS 1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk= =QV0f -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0546",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.4"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 7.11 earlier"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.2 earlier"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.9.4 for windows earlier"
      },
      {
        "model": "macos high sierra",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(security update 2019-002 not applied )"
      },
      {
        "model": "macos mojave",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.14.4 earlier"
      },
      {
        "model": "macos sierra",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(security update 2019-002 not applied )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.1 earlier"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.2 earlier"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.2 earlier"
      },
      {
        "model": "xcode",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.2 earlier"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.0.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.0.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.0.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.1.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.1.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.1.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.1.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.2.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.2.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.2.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.2.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.2.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.2.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.2.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.3.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.3.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.3.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.3.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.3.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.3.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.10"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.5.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.5.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.5.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.5.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.5.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.5.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.6.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.6.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.6.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.6.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.6.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.6.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.6.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.7.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.7.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.7.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.7.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.7.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.7.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.8.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.8.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.8.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.8.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.8.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.9.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.9.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.9.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.10.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.10.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.10.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.11.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.11.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.11.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.11.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.11.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.11.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.12"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.12.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.12.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.12.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.12.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.12.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.12.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.13"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.13.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.13.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.13.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.13.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.13.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.13.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.13.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.14"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.14.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.14.2"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-8526"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8526"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.14.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8526"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple,Linus Henze (pinauten.de)",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-942"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-8526",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-159961",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-8526",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-8526",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201903-942",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-159961",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-8526",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-159961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8526"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-942"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Security is one of the security components. A use-after-free vulnerability exists in the Security component in versions prior to Apple macOS Mojave 10.14.4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update\n2019-002 High Sierra, Security Update 2019-002 Sierra\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra are now available and\naddresses the following:\n\nAppleGraphicsControl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and\nshrek_wzw of Qihoo 360 Nirvan Team\n\nBom\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. \nCVE-2019-6239: Ian Moorhouse and Michael Trimm\n\nCFString\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted string may lead to a denial\nof service\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8516: SWIPS Team of Frifee Inc. \nCVE-2019-8552: Mohamed Ghannam (@_simo36)\n\nContacts\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2019-8511: an anonymous researcher\n\nCoreCrypto\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nDiskArbitration\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8522: Colin Meginnis (@falc420)\n\nFaceTime\nAvailable for: macOS Mojave 10.14.3\nImpact: A user\u0027s video may not be paused in a FaceTime call if they\nexit the FaceTime app while the call is ringing\nDescription: An issue existed in the pausing of FaceTime video. \nCVE-2019-8550: Lauren Guzniczak of Keystone Academy\n\nFeedback Assistant\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs\n\nFeedback Assistant\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs\n\nfile\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted file might disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-6237: an anonymous researcher\n\nGraphics Drivers\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin\n(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend\nMicro\u0027s Zero Day Initiative\n\niAP\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nIOGraphics\nAvailable for: macOS Mojave 10.14.3\nImpact: A Mac may not lock when disconnecting from an external\nmonitor\nDescription: A lock handling issue was addressed with improved lock\nhandling. \nCVE-2019-8533: an anonymous researcher, James Eagan of T\u00e9l\u00e9com\nParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT\n\nIOHIDFamily\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nIOKit\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8504: an anonymous researcher\n\nIOKit SCSI\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: Mounting a maliciously crafted NFS network share may lead to\narbitrary code execution with system privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8508: Dr. Silvio Cesare of InfoSect\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8514: Samuel Gro\u00df of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360  Nirvan Team\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-7293: Ned Williamson of Google\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. \nCVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)\nCVE-2019-8510: Stefan Esser of Antid0te UG\n\nMessages\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view sensitive user information\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2019-8546: ChiYuan Chang\n\nNotes\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2019-8537: Greg Walker (gregwalker.us)\n\nPackageKit\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-8561: Jaron Bradley of Crowdstrike\n\nPerl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: Multiple issues in Perl\nDescription: Multiple issues in Perl were addressed in this update. \nCVE-2018-12015: Jakub Wilk\nCVE-2018-18311: Jayakrishna Menon\nCVE-2018-18313: Eiichi Tsukata\n\nPower Management\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: Multiple input validation issues existed in MIG\ngenerated code. \nCVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure\n(ssd-disclosure.com)\n\nQuartzCore\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing malicious data may lead to unexpected application\ntermination\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8507: Kai Lu or Fortinet\u0027s FortiGuard Labs\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8526: Linus Henze (pinauten.de)\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8520: Antonio Groza, The UK\u0027s National Cyber Security Centre\n(NCSC)\n\nSiri\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to initiate a Dictation\nrequest without user authorization\nDescription: An API issue existed in the handling of dictation\nrequests. \nCVE-2019-8502: Luke Deshotels of North Carolina State University,\nJordan Beichler of North Carolina State University, William Enck of\nNorth Carolina State University, Costin Caraba\u0219 of University\nPOLITEHNICA of Bucharest, and R\u0103zvan Deaconescu of University\nPOLITEHNICA of Bucharest\n\nTime Machine\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A local user may be able to execute arbitrary shell commands\nDescription: This issue was addressed with improved checks. \nCVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs\n\nTrueTypeScaler\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero\nDay Initiative\n\nXPC\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs\n\nAdditional recognition\n\nAccounts\nWe would like to acknowledge Milan Stute of Secure Mobile Networking\nLab at Technische Universit\u00e4t Darmstadt for their assistance. \n\nBooks\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nMail\nWe would like to acknowledge Craig Young of Tripwire VERT and Hanno\nB\u00f6ck for their assistance. \n\nTime Machine\nWe would like to acknowledge CodeColorist of Ant-Financial LightYear\nLabs for their assistance. \n\nInstallation note:\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9\nFvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT\nvyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D\nEqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33\niAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM\nucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB\nsSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p\n7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J\n+9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7\nOLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0\nzBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS\n1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk=\n=QV0f\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8526"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "VULHUB",
        "id": "VHN-159961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8526"
      },
      {
        "db": "PACKETSTORM",
        "id": "152222"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-8526",
        "trust": 2.7
      },
      {
        "db": "JVN",
        "id": "JVNVU93236010",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-942",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152222",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0990",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-159961",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8526",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-159961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8526"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "PACKETSTORM",
        "id": "152222"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-942"
      }
    ]
  },
  "id": "VAR-201912-0546",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-159961"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:30:31.422000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "About the security content of iCloud for Windows 7.11",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209605"
      },
      {
        "title": "About the security content of watchOS 5.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209602"
      },
      {
        "title": "About the security content of iOS 12.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209599"
      },
      {
        "title": "About the security content of Xcode 10.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209606"
      },
      {
        "title": "About the security content of tvOS 12.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209601"
      },
      {
        "title": "About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209600"
      },
      {
        "title": "About the security content of Safari 12.1",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209603"
      },
      {
        "title": "About the security content of iTunes 12.9.4 for Windows",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209604"
      },
      {
        "title": "Apple macOS Mojave Security Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90386"
      },
      {
        "title": "Apple: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=71ec5bcffc9e0f0f386b31db20244ce1"
      },
      {
        "title": "Keysteal",
        "trust": 0.1,
        "url": "https://github.com/linushenze/keysteal "
      },
      {
        "title": "rootOS",
        "trust": 0.1,
        "url": "https://github.com/thehappydinoa/rootos "
      },
      {
        "title": "security_w1k1",
        "trust": 0.1,
        "url": "https://github.com/euphrat1ca/security_w1k1 "
      },
      {
        "title": "Hack-readme",
        "trust": 0.1,
        "url": "https://github.com/lp008/hack-readme "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/apple-ios-12-2-patches-51-serious-flaws/143162/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-8526"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-942"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-159961"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8526"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht209600"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8526"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8513"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6207"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8519"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8520"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8522"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6239"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8507"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8533"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8508"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8537"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8510"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6232"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8520"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8561"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6236"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8522"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8562"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6239"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8526"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8563"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8556"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8507"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8533"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8565"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8555"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8508"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8537"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8567"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8553"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8510"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8554"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8513"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8558"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6207"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8519"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8559"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93236010/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8553"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8558"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8559"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6232"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8561"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6236"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8562"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8563"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8565"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8567"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8556"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8555"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8554"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht209600"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-28853"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/77806"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht209600"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152222/apple-security-advisory-2019-3-25-2.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/416.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-security-cve-2019-8526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/apple-ios-12-2-patches-51-serious-flaws/143162/"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158809"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8514"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8511"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8502"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8516"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18313"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8527"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12015"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8517"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8521"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8504"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8530"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8529"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18311"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-159961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8526"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "PACKETSTORM",
        "id": "152222"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-942"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-159961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-8526"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "PACKETSTORM",
        "id": "152222"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-942"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-159961"
      },
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-8526"
      },
      {
        "date": "2019-03-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "date": "2019-03-26T14:40:53",
        "db": "PACKETSTORM",
        "id": "152222"
      },
      {
        "date": "2019-12-18T18:15:24.223000",
        "db": "NVD",
        "id": "CVE-2019-8526"
      },
      {
        "date": "2019-03-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-942"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-159961"
      },
      {
        "date": "2019-12-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-8526"
      },
      {
        "date": "2020-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "date": "2019-12-20T23:00:57.627000",
        "db": "NVD",
        "id": "CVE-2019-8526"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-942"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-942"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Updates to product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-942"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-8526 (GCVE-0-2019-8526)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

CERTFR-2019-AVI-129

Solution

CERTFR-2019-AVI-129

Solution

CNVD-2019-21975

FKIE_CVE-2019-8526

GHSA-P8M9-GXW7-G5PF

GSD-2019-8526

VAR-201912-0546

Tags

Sightings

Nomenclature