CVE-2019-8752 - OpenCVE

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Watchos Ipad Os Tvos Icloud Safari Itunes

Configuration 1 [-]

OR	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:itunes::::::windows::*
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipad_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

References

Link	Resource
https://support.apple.com/en-us/HT210603	Vendor Advisory
https://support.apple.com/en-us/HT210604	Vendor Advisory
https://support.apple.com/en-us/HT210605	Vendor Advisory
https://support.apple.com/en-us/HT210607	Vendor Advisory
https://support.apple.com/en-us/HT210635	Vendor Advisory
https://support.apple.com/en-us/HT210636	Vendor Advisory
https://support.apple.com/en-us/HT210637	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2020-10-27T19:45:29

Updated: 2020-10-27T19:45:29

Reserved: 2019-02-18T00:00:00

Link: CVE-2019-8752

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-27T20:15:18.610

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-8752

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "iOS and iPadOS", "vendor": "Apple", "versions": [{"lessThan": "13.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "tvOS", "vendor": "Apple", "versions": [{"lessThan": "13", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Safari", "vendor": "Apple", "versions": [{"lessThan": "13.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iTunes for Windows", "vendor": "Apple", "versions": [{"lessThan": "12.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iCloud for Windows", "vendor": "Apple", "versions": [{"lessThan": "10.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iCloud for Windows", "vendor": "Apple", "versions": [{"lessThan": "7.14", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-27T19:45:29", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210604"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210607"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210603"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210635"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210636"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210637"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210605"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-8752", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS and iPadOS", "version": {"version_data": [{"version_affected": "<", "version_value": "13.1"}]}}, {"product_name": "tvOS", "version": {"version_data": [{"version_affected": "<", "version_value": "13"}]}}, {"product_name": "Safari", "version": {"version_data": [{"version_affected": "<", "version_value": "13.0"}]}}, {"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "6"}]}}, {"product_name": "iTunes for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "12.10"}]}}, {"product_name": "iCloud for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "10.7"}]}}, {"product_name": "iCloud for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "7.14"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT210604", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210604"}, {"name": "https://support.apple.com/en-us/HT210607", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210607"}, {"name": "https://support.apple.com/en-us/HT210603", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210603"}, {"name": "https://support.apple.com/en-us/HT210635", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210635"}, {"name": "https://support.apple.com/en-us/HT210636", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210636"}, {"name": "https://support.apple.com/en-us/HT210637", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210637"}, {"name": "https://support.apple.com/en-us/HT210605", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210605"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2019-8752", "datePublished": "2020-10-27T19:45:29", "dateReserved": "2019-02-18T00:00:00", "dateUpdated": "2020-10-27T19:45:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CD51BEFE-B28D-412A-996D-ADA104E4EC17", "versionEndExcluding": "7.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "3AB3D55F-1566-4705-98C9-6D56F8F156F0", "versionEndExcluding": "10.7", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "matchCriteriaId": "397F21E9-3B36-49AE-92E3-B5B1FC7773D1", "versionEndExcluding": "12.10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BD0E131-6A79-47DA-B8A8-1478B1EDD9FE", "versionEndExcluding": "13.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FCDB4B4-9FB3-46C2-A440-C60FEF372880", "versionEndExcluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "74FC47CB-6F80-4521-BE54-47B5630FF496", "versionEndExcluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6FCD7CE-EC26-4952-A34D-2221AA4F223B", "versionEndExcluding": "13", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "70F86075-2932-4E94-B7B2-7DF51A51B179", "versionEndExcluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."}, {"lang": "es", "value": "Se abord\u00f3 m\u00faltiples problemas de corrupci\u00f3n de la memoria con un manejo de la memoria mejorada. Este problema se corrigi\u00f3 en Safari versi\u00f3n 13.0.1, iOS versi\u00f3n 13.1 y iPadOS versi\u00f3n 13.1, iCloud para Windows versi\u00f3n 10.7, iCloud para Windows versi\u00f3n 7.14, tvOS versi\u00f3n 13, watchOS versi\u00f3n 6, iTunes versi\u00f3n 12.10.1 para Windows. El procesamiento de contenido web dise\u00f1ado maliciosamente puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"}], "id": "CVE-2019-8752", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-27T20:15:18.610", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210603"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210604"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210605"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210607"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210635"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210636"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210637"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}