CVE-2019-6227
Published 2019-03-05
Priority: P349 · high · CVSS 3.0: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.89% (77.0th percentile)
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | icloud | < 7.10 | 7.10 |
| apple | icloud_for_windows | — | — |
| apple | icloud_for_windows | >= unspecified < iCloud for Windows 7.10 | iCloud for Windows 7.10 |
| apple | ios | — | — |
| apple | ios | >= unspecified < iOS 12.1.3 | iOS 12.1.3 |
| apple | iphone_os | < 12.1.3 | 12.1.3 |
| apple | itunes | < 12.9.3 | 12.9.3 |
| apple | itunes_12.9.3_for_windows | — | — |
| apple | itunes_for_windows | >= unspecified < iTunes 12.9.3 for Windows | iTunes 12.9.3 for Windows |
| apple | safari | < 12.0.3 | 12.0.3 |
| apple | safari | — | — |
| apple | safari | >= unspecified < Safari 12.0.3 | Safari 12.0.3 |
| apple | tvos | < 12.1.2 | 12.1.2 |
| apple | tvos | — | — |
| apple | tvos | >= unspecified < tvOS 12.1.2 | tvOS 12.1.2 |
| apple | watchos | < 5.1.3 | 5.1.3 |
| apple | watchos | — | — |
| apple | watchos | >= unspecified < watchOS 5.1.3 | watchOS 5.1.3 |
| debian | webkit2gtk | < webkit2gtk 2.22.5-1 (bookworm) | webkit2gtk 2.22.5-1 (bookworm) |
CVSS provenance
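| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | LOW | — |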
Apple
CVE-2019-6227: iTunes 12.9.3 for Windows
vendor_apple·2019-01-24·CVSS 8.8
CVE-2019-6227 [HIGH] CVE-2019-6227: iTunes 12.9.3 for Windows
Apple Security Update: About the security content of iTunes 12.9.3 for Windows
Product: iTunes 12.9.3 for Windows
CVE: CVE-2019-6227
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2019-6227: tvOS 12.1.2
vendor_apple·2019-01-22·CVSS 8.8
CVE-2019-6227 [HIGH] CVE-2019-6227: tvOS 12.1.2
Apple Security Update: About the security content of tvOS 12.1.2
Product: tvOS
Version: 12.1.2
CVE: CVE-2019-6227
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2019-6227: iOS 12.1.3
vendor_apple·2019-01-22·CVSS 8.8
CVE-2019-6227 [HIGH] CVE-2019-6227: iOS 12.1.3
Apple Security Update: About the security content of iOS 12.1.3
Product: iOS
Version: 12.1.3
CVE: CVE-2019-6227
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2019-6227: watchOS 5.1.3
vendor_apple·2019-01-22·CVSS 8.8
CVE-2019-6227 [HIGH] CVE-2019-6227: watchOS 5.1.3
Apple Security Update: About the security content of watchOS 5.1.3
Product: watchOS
Version: 5.1.3
CVE: CVE-2019-6227
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2019-6227: Safari 12.0.3
vendor_apple·2019-01-22·CVSS 8.8
CVE-2019-6227 [HIGH] CVE-2019-6227: Safari 12.0.3
Apple Security Update: About the security content of Safari 12.0.3
Product: Safari
Version: 12.0.3
CVE: CVE-2019-6227
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2019-6227: iCloud for Windows 7.10
vendor_apple·2019-01-22·CVSS 8.8
CVE-2019-6227 [HIGH] CVE-2019-6227: iCloud for Windows 7.10
Apple Security Update: About the security content of iCloud for Windows 7.10
Product: iCloud for Windows
Version: 7.10
CVE: CVE-2019-6227
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
Debian
CVE-2019-6227: webkit2gtk - A memory corruption issue was addressed with improved memory handling. This issu...
vendor_debian·2019·CVSS 8.8
CVE-2019-6227 [HIGH] CVE-2019-6227: webkit2gtk - A memory corruption issue was addressed with improved memory handling. This issu...
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.22.5-1)
bullseye: resolved (fixed in 2.22.5-1)
forky: resolved (fixed in 2.22.5-1)
sid: resolved (fixed in 2.22.5-1)
trixie: resolved (fixed in 2.22.5-1)
GHSA
GHSA-c89c-m3h9-fjqf: A memory corruption issue was addressed with improved memory handling
ghsa_unreviewed·2022-05-13
CVE-2019-6227 [HIGH] CWE-787 GHSA-c89c-m3h9-fjqf: A memory corruption issue was addressed with improved memory handling
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
OSV
CVE-2019-6227: A memory corruption issue was addressed with improved memory handling
osv·2019-03-05·CVSS 8.8
CVE-2019-6227 [HIGH] CVE-2019-6227: A memory corruption issue was addressed with improved memory handling
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
No detection rules found.
No public exploits indexed.
Tenable
Apple iOS 12.1.3 Security Updates Address Multiple Vulnerabilities
blogs_tenable·2019-01-23·CVSS 7.8
CVE-2019-6227 [HIGH] Apple iOS 12.1.3 Security Updates Address Multiple Vulnerabilities
# Apple iOS 12.1.3 Security Updates Address Multiple Vulnerabilities
Ryan Seguin
January 23, 2019
Apple has released iOS 12.1.3 to fix 31 CVEs, including a FaceTime remote code execution vulnerability.
### Background
On January 22, Apple released iOS 12.1.3, which includes fixes for 31 different CVEs across multiple apps and services. This update also includes fixes for CVE-2019-6227 and CVE-2019-6225, which security researcher Qixun Zhao of Qihoo 360 Vulcan Team reportedly used in a code execution attack through FaceTime. The attack requires a user to tap on a malicious link, which could be achieved through social engineering.
### Analysis
An attacker could craft a malicious FaceTime link that, when clicked, exploits a kernel bug in
http://www.securityfocus.com/bid/106696
https://security.gentoo.org/glsa/201903-12
https://support.apple.com/HT209443
https://support.apple.com/HT209447
https://support.apple.com/HT209448
https://support.apple.com/HT209449
https://support.apple.com/HT209450
https://support.apple.com/HT209451