CVE-2019-8513
published 2019-12-18CVE-2019-8513: This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.
PriorityP349high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EXPLOIT
EPSS
2.92%
85.3th percentile
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | < 10.14.4 | 10.14.4 |
| apple | macos | >= unspecified < macOS Mojave 10.14.4 | macOS Mojave 10.14.4 |
| apple | macos_mojave_10.14.4_security_update_2019-002_high_sierra_security_update_2019-0 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2019-8513: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
vendor_apple·2019-03-25·CVSS 7.8
CVE-2019-8513 [HIGH] CVE-2019-8513: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
Apple Security Update: About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
Product: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
CVE: CVE-2019-8513
Component: Time Machine
Impact: A local user may be able to execute arbitrary shell commands
Description: This issue was addressed with improved checks.
GHSA
GHSA-8qpr-xr7m-crmq: This issue was addressed with improved checks
ghsa_unreviewed·2022-05-24
CVE-2019-8513 [HIGH] GHSA-8qpr-xr7m-crmq: This issue was addressed with improved checks
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.
No detection rules found.
Exploit-DB
Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit)
exploitdb·2019-07-02
CVE-2019-8513 Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit)
Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation',
'Description' => %q{
This module exploits a command injection in TimeMachine on macOS MSF_LICENSE,
'Author' => [
'CodeColorist', # Discovery and exploit
'timwr', # Metasploit module
],
'References' => [
['CVE', '2019-8513'],
['URL', 'https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43'],
['URL', 'https://support.apple.com/en-in/HT209600'],
['URL', 'https://github.com/ChiChou/sploits'],
],
'DefaultTarget' =>
Metasploit
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
metasploit
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
This module exploits a command injection in TimeMachine on macOS <= 10.14.3 in order to run a payload as root. The tmdiagnose binary on OSX <= 10.14.3 suffers from a command injection vulnerability that can be exploited by creating a specially crafted disk label. The tmdiagnose binary uses awk to list every mounted volume, and composes shell commands based on the volume labels. By creating a volume label with the backtick character, we can have our own binary executed with root priviledges.
Sentinelone
Privilege Escalation | macOS Malware & The Path to Root Part 1 - SentinelLabs
blogs_sentinelone·2019-11-06
Privilege Escalation | macOS Malware & The Path to Root Part 1 - SentinelLabs
In this two-part series, we take a look at privilege escalation on macOS. In Part 1, we look at some of the vulnerabilities that have been discovered by security researchers in recent versions of Apple’s Desktop OS, focusing on those that have been turned into reliable exploits. We draw conclusions for enterprise and end users alike based on this review. In Part 2, we switch from researchers to attackers and explore both how and why the methodology of macOS threat actors takes quite a different path from that of the research community.
## What is Privilege Escalation?
Let’s start by defining our terms. Whenever code executes, it does so within the context of a user who invokes it. Technically, users need not always actually be people, but for our purposes here we’ll stick to the simple c
Sentinelone
Privilege Escalation | macOS Malware & The Path to Root Part 1
blogs_sentinelone·2019-11-06
Privilege Escalation | macOS Malware & The Path to Root Part 1
## Privilege Escalation | macOS Malware & The Path to Root Part 1
In this two-part series, we take a look at privilege escalation on macOS. In Part 1, we look at some of the vulnerabilities that have been discovered by security researchers in recent versions of Apple’s Desktop OS, focusing on those that have been turned into reliable exploits. We draw conclusions for enterprise and end users alike based on this review. In Part 2 , we switch from researchers to attackers and explore both how and why the methodology of macOS threat actors takes quite a different path from that of the research community.
## What is Privilege Escalation?
Let’s start by defining our terms. Whenever code executes, it does so within the context of a user who invokes it. Technically, users need not always actua
2019-12-18
Published