CVE-2019-8514: A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may…

CVE-2019-8514 [HIGH] CVE-2019-8514: watchOS 5.2 Apple Security Update: About the security content of watchOS 5.2 Product: watchOS Version: 5.2 CVE: CVE-2019-8514 Component: Kernel Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management.

CVE-2019-8514 [HIGH] CVE-2019-8514: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra Apple Security Update: About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra Product: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra CVE: CVE-2019-8514 Component: Kernel Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management.

CVE-2019-8514 [HIGH] CVE-2019-8514: tvOS 12.2 Apple Security Update: About the security content of tvOS 12.2 Product: tvOS Version: 12.2 CVE: CVE-2019-8514 Component: Kernel Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management.

CVE-2019-8514 [HIGH] CVE-2019-8514: iOS 12.2 Apple Security Update: About the security content of iOS 12.2 Product: iOS Version: 12.2 CVE: CVE-2019-8514 Component: Kernel Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management.

CVE-2019-8514 [MEDIUM] GHSA-jh7p-rf2f-w3qg: A logic issue was addressed with improved state management A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.

CVE-2019-8514 iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe iOS p_pid = nextpid; child_proc->p_responsible_pid = nextpid; child_proc->p_idversion = nextpidversion++; ...; When using audit_tokens, the previously described attack would now require creating two different processes which have the same pair of (pid, pidversion), which in turn would require spawning roughly 2**32 processes to wrap around the pidversion. However, the pidversion is additionally incremented during execve (from bsd/kern/kern_exec.c): /* Update the process' identity version and set the security token */ p->p_idversion++; This is likely done to prevent another attack where a process sends an IPC message, then immediately execve's a privileged binary. The problem here is that the pidversion is incremented "ad-hoc", without updating the global nextpidversion variable. With th