Vulnerabilities > CVE-2019-8709 - Out-of-bounds Write vulnerability in Apple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be able to execute arbitrary code with kernel privileges.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOS_HT210722.NASL |
description | The remote host is running a version of macOS or Mac OS X that is 10.15.x prior to 10.15.1, 10.14.x prior to 10.14.6 security update 2019-001, 10.13.x prior to 10.13.6 security update 2019-006. It is, therefore, affected by multiple vulnerabilities : - An out-of-bounds read error exists in the accounts component due to improper input validation. A remote attacker can exploit this, to disclose memory contents. (CVE-2019-8787) - A security bypass vulnerability exists in the App Store component due to an improper state management implementation. A local attacker can exploit this, to login to the account of a previously logged in user without valid credentials. (CVE-2019-8803) - An out-of-bounds read error exists in the IOGraphics component due to improper bounds checking. A local attacker can exploit this, to cause unexpected system termination or to read kernel memory. (CVE-2019-8759) Note that Nessus has not tested for this issue but has instead relied only on the operating system |
last seen | 2020-03-18 |
modified | 2019-11-13 |
plugin id | 130967 |
published | 2019-11-13 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/130967 |
title | macOS 10.15.x < 10.15.1 / 10.14.x < 10.14.6 Security Update 2019-001 / 10.13.x < 10.13.6 Security Update 2019-006 |
code |
|
References
- https://support.apple.com/en-us/HT210604
- https://support.apple.com/en-us/HT210606
- https://support.apple.com/en-us/HT210607
- https://support.apple.com/en-us/HT210634
- https://support.apple.com/en-us/HT210722
- https://support.apple.com/en-us/HT210604
- https://support.apple.com/en-us/HT210722
- https://support.apple.com/en-us/HT210634
- https://support.apple.com/en-us/HT210607
- https://support.apple.com/en-us/HT210606