CVE-2019-6206 — Sensitive Information Exposure in Apple IOS

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 40.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Iphone OS

Timeline

PublishedMar 4

Latest updateMay 13

Description

An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5apple/iosunspecified — iOS 12.1.3

▶NVDapple/iphone_os< 12.1.3

🔴Vulnerability Details

GHSA

GHSA-8r4r-5xr2-7566: An issue existed with autofill resuming after it was canceled↗2022-05-13

▶

CVEList

CVE-2019-6206: An issue existed with autofill resuming after it was canceled↗2019-03-04

▶

📋Vendor Advisories

Apple

CVE-2019-6206: iOS 12.1.3↗2019-01-22

▶