CVE-2019-6223
published 2019-03-05CVE-2019-6223: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | ios | >= unspecified < iOS 12.1.3 | iOS 12.1.3 |
| apple | iphone_os | < 12.1.4 | 12.1.4 |
| apple | mac_os_x | < 10.14.3 | 10.14.3 |
| apple | macos | >= unspecified < macOS Mojave 10.14.3 | macOS Mojave 10.14.3 |
| apple | macos_mojave_10.14.3_supplemental_update | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
cisa7.5HIGH
CISA
Apple iOS and macOS Group Facetime Vulnerability
cisa·2021-11-03·CVSS 7.5
CVE-2019-6223 [HIGH] Apple iOS and macOS Group Facetime Vulnerability
Vulnerability: Apple iOS and macOS Group Facetime Vulnerability
Affected: Apple iOS and macOS
Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-6223
Remediation Due Date: 2022-05-03
Apple
CVE-2019-6223: iOS 12.1.4
vendor_apple·2019-02-07·CVSS 7.5
CVE-2019-6223 [HIGH] CVE-2019-6223: iOS 12.1.4
Apple Security Update: About the security content of iOS 12.1.4
Product: iOS
Version: 12.1.4
CVE: CVE-2019-6223
Component: FaceTime
Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.
Apple
CVE-2019-6223: macOS Mojave 10.14.3 Supplemental Update
vendor_apple·2019-02-07·CVSS 7.5
CVE-2019-6223 [HIGH] CVE-2019-6223: macOS Mojave 10.14.3 Supplemental Update
Apple Security Update: About the security content of macOS Mojave 10.14.3 Supplemental Update
Product: macOS Mojave 10.14.3 Supplemental Update
CVE: CVE-2019-6223
Component: FaceTime
Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.
GHSA
GHSA-fj6p-rwp3-vrrh: A logic issue existed in the handling of Group FaceTime calls
ghsa_unreviewed·2022-05-13
CVE-2019-6223 [HIGH] GHSA-fj6p-rwp3-vrrh: A logic issue existed in the handling of Group FaceTime calls
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.
VulnCheck
Apple iOS and macOS Group Facetime Vulnerability
vulncheck·2019·CVSS 7.5
CVE-2019-6223 [HIGH] Apple iOS and macOS Group Facetime Vulnerability
Apple iOS and macOS Group Facetime Vulnerability
Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction.
Affected: Apple iOS and macOS
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.eweek.com/security/apple-patches-facetime-vulnerability-in-ios-macos-updates/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-03
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-03-05
Published
2021-11-03
Added to CISA KEV
Exploited in the wild