Vulnerabilities > CVE-2019-7286 - Out-of-bounds Write vulnerability in Apple mac OS X
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
id | EDB-ID:46803 |
last seen | 2019-05-06 |
modified | 2019-05-06 |
published | 2019-05-06 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46803 |
title | iOS 12.1.3 - 'cfprefsd' Memory Corruption |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_14_3_SU1.NASL |
description | The remote host is running a version of macOS 10.14.3 that is missing the macOS 10.14.3 Supplemental Update. This update fixes the following vulnerabilities : - An unspecified flaw exists related to handling Group FaceTime calls that allows an attacker to cause a call recipient to unintentionally answer. (CVE-2019-6223) - An input-validation flaw exists related to the Foundation component that allows memory corruption and privilege escalation. (CVE-2019-7286) - An unspecified flaw exists related to Live Photos in FaceTime having unspecified impact. (CVE-2019-7288) |
last seen | 2020-03-18 |
modified | 2019-03-01 |
plugin id | 122508 |
published | 2019-03-01 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/122508 |
title | macOS 10.14.3 Supplemental Update |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/152735/ios1213-corrupt.txt |
id | PACKETSTORM:152735 |
last seen | 2019-05-07 |
published | 2019-05-06 |
reporter | ZecOps |
source | https://packetstormsecurity.com/files/152735/iOS-12.1.3-cfprefsd-Memory-Corruption.html |
title | iOS 12.1.3 cfprefsd Memory Corruption |
The Hacker News
id THN:7A3C6BADEC3558C9D0EC847AFC345CCD last seen 2019-09-07 modified 2019-09-07 published 2019-08-30 reporter The Hacker News source https://thehackernews.com/2019/08/hacking-iphone-ios-exploits.html title Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years id THN:8B72E42B2E838108A13F75F24E865BD6 last seen 2019-02-08 modified 2019-02-08 published 2019-02-08 reporter The Hacker News source https://thehackernews.com/2019/02/ios-security-update-facetime.html title Latest iOS 12.1.4 Update Patches 2 Zero-Day and FaceTime Bugs