CVE-2019-8526
Published 2019-12-18
Priority P180 · high · 7.8 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability, due 2023-05-08
Exploited in the wild
EPSS: 0.70% (48.5th percentile)
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | < 10.14.4 | 10.14.4 |
| apple | macos | >= unspecified < macOS Mojave 10.14.4 | macOS Mojave 10.14.4 |
| apple | macos_mojave_10.14.4_security_update_2019-002_high_sierra_security_update_2019-0 | — | — |
Detection & IOCs (extracted from sources)
- KeyStealDaemon malware exploiting CVE-2019-8526 appeared on VirusTotal in mid-June 2019; targets unpatched macOS versions prior to 10.14.4 / Security Update 2019-002 to gain elevated privileges and access Keychain credentials.
- KeyStealDaemon provides attackers access to any credentials stored in the macOS Keychain on unpatched systems; monitor for unauthorized Keychain access attempts by unsigned or low-reputation applications.
- CVE-2019-8526 is patched in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, and Security Update 2019-002 Sierra; systems running macOS 10.11 El Capitan or earlier remain permanently vulnerable as Apple did not backport the fix.
CVSS provenance
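| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |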
GHSA
GHSA-p8m9-gxw7-g5pf: A use after free issue was addressed with improved memory management
ghsa_unreviewed·2022-05-24
CVE-2019-8526 [HIGH] CWE-416 GHSA-p8m9-gxw7-g5pf: A use after free issue was addressed with improved memory management
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.
VulnCheck
Apple macOS Use-After-Free Vulnerability
vulncheck·2019·CVSS 7.8
CVE-2019-8526 [HIGH] CWE-416 Apple macOS Use-After-Free Vulnerability
Apple macOS Use-After-Free Vulnerability
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
Affected: Apple MacOS X
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/; https://objective-see.org/blog/blog_0x71.html; https://www.group-ib.com/resources/research-hub/hi-tech-crime-trends-2022/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2023-05-08
CISA
Apple macOS Use-After-Free Vulnerability
cisa·2023-04-17·CVSS 7.8
CVE-2019-8526 [HIGH] CWE-416 Apple macOS Use-After-Free Vulnerability
Vulnerability: Apple macOS Use-After-Free Vulnerability
Affected: Apple macOS
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
Required Action: Apply updates per vendor instructions.
Notes: https://support.apple.com/en-us/HT209600; https://nvd.nist.gov/vuln/detail/CVE-2019-8526
Remediation Due Date: 2023-05-08
Apple
CVE-2019-8526: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
vendor_apple·2019-03-25·CVSS 7.8
CVE-2019-8526 [HIGH] CVE-2019-8526: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
Apple Security Update: About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
Product: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
CVE: CVE-2019-8526
Component: Security
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved memory management.
No detection rules found.
No public exploits indexed.
Sentinelone
10 macOS Malware Outbreaks from 2019
blogs_sentinelone·2019-07-01
10 macOS Malware Outbreaks from 2019
Since we did our end of year review of macOS malware last December, we’ve seen an uptick in the number of new macOS malware outbreaks. New variants of old families, updated with fresh tricks as well as some novel malware never-before seen in the wild, both nation-state backed APTs and criminal gangs are increasingly targeting macOS users. In this post, we update you on the outbreaks we’ve seen so far in the first 6 months of 2019.
## 1. OSX.Dok Returns
We first spotted a new variant of OSX.Dok on January 9th during a routine search of samples on VirusTotal. Our investigation of the sample led us to discover the attacker’s servers, which held logs of infected victims, with new victims appearing in the logs on a daily basis.
OSX.Dok installs homebrew and a hidden version of Tor, along wit
ltro3fxssy7xsqgz.onion
## What Is The Risk?
OSX.Dok malware is
Published: 2019-12-18
Added to CISA KEV: 2023-04-17
Exploited in the wild