⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2019-6223 — Apple Macos vulnerability

7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 42.46%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apple IOS Apple Macos Apple Iphone OS +1 more

Timeline

PublishedMar 5

KEV addedNov 3

KEV dueMay 3

Latest updateMay 13

CISA Required Action: Apply updates per vendor instructions.

Description

A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5apple/macosunspecified — macOS Mojave 10.14.3

▶NVDapple/mac_os_x< 10.14.3

▶CVEListV5apple/iosunspecified — iOS 12.1.3

▶NVDapple/iphone_os< 12.1.4

🔴Vulnerability Details

GHSA

GHSA-fj6p-rwp3-vrrh: A logic issue existed in the handling of Group FaceTime calls↗2022-05-13

▶

CVEList

CVE-2019-6223: A logic issue existed in the handling of Group FaceTime calls↗2019-03-05

▶

VulnCheck

Apple iOS and macOS Group Facetime Vulnerability↗2019

▶

📋Vendor Advisories

CISA

Apple iOS and macOS Group Facetime Vulnerability↗2021-11-03

▶

Apple

CVE-2019-6223: iOS 12.1.4↗2019-02-07

▶

Apple

CVE-2019-6223: macOS Mojave 10.14.3 Supplemental Update↗2019-02-07

▶