CVE-2019-8678 - OpenCVE

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Tvos Icloud Safari Itunes Mac Os X

Configuration 1 [-]

OR	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:itunes::::::windows::*
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:tvos::::::::

References

Link	Resource
https://support.apple.com/HT210346	Vendor Advisory
https://support.apple.com/HT210348	Vendor Advisory
https://support.apple.com/HT210351	Vendor Advisory
https://support.apple.com/HT210355	Vendor Advisory
https://support.apple.com/HT210356	Vendor Advisory
https://support.apple.com/HT210357	Vendor Advisory
https://support.apple.com/HT210358	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2019-12-18T17:33:21

Updated: 2019-12-18T17:33:21

Reserved: 2019-02-18T00:00:00

Link: CVE-2019-8678

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-12-18T18:15:33.317

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-8678

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "iOS 12.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "macOS Mojave 10.14.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "tvOS", "vendor": "Apple", "versions": [{"lessThan": "tvOS 12.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Safari", "vendor": "Apple", "versions": [{"lessThan": "Safari 12.1.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iTunes for Windows", "vendor": "Apple", "versions": [{"lessThan": "iTunes for Windows 12.9.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iCloud for Windows", "vendor": "Apple", "versions": [{"lessThan": "iCloud for Windows 7.13", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iCloud for Windows (Microsoft Store)", "vendor": "Apple", "versions": [{"lessThan": "iCloud for Windows 10.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-18T17:33:21", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT210346"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT210348"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT210351"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT210355"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT210356"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT210357"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT210358"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-8678", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS", "version": {"version_data": [{"version_affected": "<", "version_value": "iOS 12.4"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "macOS Mojave 10.14.6"}]}}, {"product_name": "tvOS", "version": {"version_data": [{"version_affected": "<", "version_value": "tvOS 12.4"}]}}, {"product_name": "Safari", "version": {"version_data": [{"version_affected": "<", "version_value": "Safari 12.1.2"}]}}, {"product_name": "iTunes for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "iTunes for Windows 12.9.6"}]}}, {"product_name": "iCloud for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "iCloud for Windows 7.13"}]}}, {"product_name": "iCloud for Windows (Microsoft Store)", "version": {"version_data": [{"version_affected": "<", "version_value": "iCloud for Windows 10.6"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/HT210346", "refsource": "MISC", "url": "https://support.apple.com/HT210346"}, {"name": "https://support.apple.com/HT210348", "refsource": "MISC", "url": "https://support.apple.com/HT210348"}, {"name": "https://support.apple.com/HT210351", "refsource": "MISC", "url": "https://support.apple.com/HT210351"}, {"name": "https://support.apple.com/HT210355", "refsource": "MISC", "url": "https://support.apple.com/HT210355"}, {"name": "https://support.apple.com/HT210356", "refsource": "MISC", "url": "https://support.apple.com/HT210356"}, {"name": "https://support.apple.com/HT210357", "refsource": "MISC", "url": "https://support.apple.com/HT210357"}, {"name": "https://support.apple.com/HT210358", "refsource": "MISC", "url": "https://support.apple.com/HT210358"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2019-8678", "datePublished": "2019-12-18T17:33:21", "dateReserved": "2019-02-18T00:00:00", "dateUpdated": "2019-12-18T17:33:21", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "086B8913-51FE-4FCA-AB2C-47541F2C3252", "versionEndExcluding": "7.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "71143206-77A6-4B8F-964B-FD4E00C1AE60", "versionEndExcluding": "10.6", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F3310BC8-34F6-4C8A-B6B8-FCEB9033902B", "versionEndExcluding": "12.9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "11DC97B1-0EC4-4DCE-999C-743D64E4D108", "versionEndExcluding": "12.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "78127EE5-23FE-4C66-B7EE-2CF3E19F0503", "versionEndExcluding": "12.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0E97851-4DFF-4852-A339-183331F4ACBC", "versionEndExcluding": "10.14.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC281794-DEC0-4C8A-8B92-F8E5D8785EF6", "versionEndExcluding": "12.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."}, {"lang": "es", "value": "M\u00faltiples problemas de corrupci\u00f3n de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versi\u00f3n 12.4, macOS Mojave versi\u00f3n 10.14.6, tvOS versi\u00f3n 12.4, Safari versi\u00f3n 12.1.2, iTunes para Windows versi\u00f3n 12.9.6, iCloud para Windows versi\u00f3n 7.13, iCloud para Windows versi\u00f3n 10.6. El procesamiento de contenido web dise\u00f1ado maliciosamente puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2019-8678", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-18T18:15:33.317", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT210346"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT210348"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT210351"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT210355"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT210356"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT210357"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT210358"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}