NA

CVE-2019-7286

Published: 07/02/2019 Updated: 07/02/2019

Vulnerability Summary

Foundation: A memory corruption issue was addressed with improved input validation. An application may be able to gain elevated privileges.

Vulnerability Trend

Vendor Advisories

About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page Apple security documents reference vulnerabilities by CVE-ID when possible For more info ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page Apple security documents reference vulnerabilities by CVE-ID when possible For more info ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page Apple security documents reference vulnerabilities by CVE-ID when possible For more info ...

Exploits

// (c) 2019 ZecOps, Inc - wwwzecopscom - Find Attackers' Mistakes // Intended only for educational and defensive purposes only // Use at your own risk #include <xpc/xpch> #import <pthreadh> #include <mach/machh> #include <mach/taskh> #include <dlfcnh> #include <mach-o/dyld_imagesh> #include ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-2-07-2 macOS Mojave 10143 Supplemental Update macOS Mojave 10143 Supplemental Update is now available and addresses the following: FaceTime Available for: macOS Mojave 10143 Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer Description: ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-2-07-2 macOS Mojave 10143 Supplemental Update macOS Mojave 10143 Supplemental Update is now available and addresses the following: FaceTime Available for: macOS Mojave 10143 Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer Description: ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-2-07-1 iOS 1214 iOS 1214 is now available and addresses the following: FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer Description: A logic is ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-2-07-1 iOS 1214 iOS 1214 is now available and addresses the following: FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer Description: A logic is ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-27-1 watchOS 52 watchOS 52 is now available and addresses the following: CFString Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic CVE-20 ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-27-1 watchOS 52 watchOS 52 is now available and addresses the following: CFString Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic CVE-20 ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-25-3 tvOS 122 tvOS 122 is now available and addresses the following: CFString Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-25-3 tvOS 122 tvOS 122 is now available and addresses the following: CFString Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic ...

Github Repositories

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Apple Patched Two Actively Exploited Zero-Days in iOS 12.1.4
BleepingComputer • Sergiu Gatlan • 08 Feb 2019

As revealed by Project Zero team lead Ben Hawkes on Twitter, Apple fixed two zero-day vulnerabilities which were being exploited in the wild before the release of the iOS 12.1.4 security update.
Zero-day (also known as 0day or 0-day) vulnerabilities are security vulnerabilities that are known to the software maker but do not yet have a patch, thus exposing vulnerable devices to potential attacks.
The first iOS zero-day vulnerability which was reported by Hawkes as actively explo...