CVE-2019-25071Improper Privilege Management in Apple Iphone OS

CWE-269Improper Privilege Management3 documents3 sources
Severity
8.8HIGHNVD
CNA6.3
EPSS
0.7%
top 27.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple IOS
Timeline
PublishedJun 25
Latest updateJun 26

Description

A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 migt be able to a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDapple/iphone_os< 13.0
CVEListV5apple/ios12.4.0, 12.4.1+1

🔴Vulnerability Details

2
GHSA
GHSA-86jq-f3mw-w6pc: ** DISPUTED ** A vulnerability was found in Apple iPhone up to 122022-06-26
CVEList
Apple iOS Siri Self privileges management2022-06-25
CVE-2019-25071 — Improper Privilege Management in Apple | cvebase