Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.1
CVSSv3

CVE-2019-8591

Published: 18/12/2019 Updated: 20/12/2019
CVSS v2 Base Score: 8.8 | Impact Score: 9.2 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 886
Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
Subscribe to Apple

Vulnerability Summary

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple iphone os

apple mac os x

apple tvos

apple watchos

Exploits

Exploit DB: macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
/* # Reproduction Tested on macOS 10143: $ clang -o stf_wild_read stf_wild_readcc $ /stf_wild_read # Explanation SIOCSIFADDR is an ioctl that sets the address of an interface The stf interface ioctls are handled by the stf_ioctl function The crash occurs in the following case where a `struct ifreq` is read into kernel memory and then casted ...

Mailing Lists

Full Disclosure: APPLE-SA-2019-5-13-1 iOS 12.3
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2019-5-13-1 iOS 123 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Apple Product Security via ...
Full Disclosure: APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2019-5-13-2 macOS Mojave 10145, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra <!--X ...

Github Repositories

https://github.com/Embodimentgeniuslm3/glowing-adventure

This repo provides some info on how to downgrade, jailbreak, and setup IOS 1033 on an iPhone 5s The "install" script in this repo lists all post-jailbreak steps, so use that one in addition to this readme to guide you This repo provides sources only The full package can be downloaded from the releases section: githubcom/WRFan/jailbreak1033/releases

https://github.com/WRFan/jailbreak10.3.3

This repo provides some info on how to downgrade, jailbreak, and setup IOS 10.3.3 on an iPhone 5s.

This repo provides some info on how to downgrade, jailbreak, and setup IOS 1033 on an iPhone 5s The "install" script in this repo lists all post-jailbreak steps, so use that one in addition to this readme to guide you This repo provides sources only The full package can be downloaded from the releases section: githubcom/WRFan/jailbreak1033/releases

References

CWE-843https://support.apple.com/HT210118https://support.apple.com/HT210119https://support.apple.com/HT210122https://support.apple.com/HT210120https://nvd.nist.govhttps://www.exploit-db.com/exploits/46891https://github.com/WRFan/jailbreak10.3.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook