Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
7.1
CVSSv3

CVE-2019-8591

Published: 18/12/2019 Updated: 20/12/2019
CVSS v2 Base Score: 8.8 | Impact Score: 9.2 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 886
Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C

Vulnerability Summary

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple iphone os

apple tvos

apple mac os x

apple watchos

Exploits

Exploit DB: macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
/* # Reproduction Tested on macOS 10143: $ clang -o stf_wild_read stf_wild_readcc $ /stf_wild_read # Explanation SIOCSIFADDR is an ioctl that sets the address of an interface The stf interface ioctls are handled by the stf_ioctl function The crash occurs in the following case where a `struct ifreq` is read into kernel memory and then casted ...

Mailing Lists

Full Disclosure: APPLE-SA-2019-5-13-4 watchOS 5.2.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-4 watchOS 521 watchOS 521 is now available and addresses the following: AppleFileConduit Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with ...
Full Disclosure: APPLE-SA-2019-5-13-3 tvOS 12.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-3 tvOS 123 tvOS 123 is now available and addresses the following: AppleFileConduit Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved m ...
Full Disclosure: APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-2 macOS Mojave 10145, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra macOS Mojave 10145, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra are now available and addresses the following: Accessibility Framework Available for: macOS Si ...
Full Disclosure: APPLE-SA-2019-5-13-1 iOS 12.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-1 iOS 123 iOS 123 is now available and addresses the following: AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corru ...

Github Repositories

https://github.com/Embodimentgeniuslm3/glowing-adventure

This repo provides some info on how to downgrade, jailbreak, and setup IOS 1033 on an iPhone 5s The "install" script in this repo lists all post-jailbreak steps, so use that one in addition to this readme to guide you This repo provides sources only The full package can be downloaded from the releases section: githubcom/WRFan/jailbreak1033/releases

https://github.com/WRFan/jailbreak10.3.3

This repo provides some info on how to downgrade, jailbreak, and setup IOS 10.3.3 on an iPhone 5s.

This repo provides some info on how to downgrade, jailbreak, and setup IOS 1033 on an iPhone 5s The "install" script in this repo lists all post-jailbreak steps, so use that one in addition to this readme to guide you This repo provides sources only The full package can be downloaded from the releases section: githubcom/WRFan/jailbreak1033/releases

References

CWE-843https://support.apple.com/HT210118https://support.apple.com/HT210119https://support.apple.com/HT210122https://support.apple.com/HT210120https://nvd.nist.govhttps://www.exploit-db.com/exploits/46891https://github.com/WRFan/jailbreak10.3.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627CVE-2022-45803CVE-2024-38319cameratemplate injectionCVE-2024-27801CVE-2024-0762CVE-2024-5791unauthorized
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook