cbcvebase.
CVE-2019-8526
published 2019-12-18

CVE-2019-8526: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated…

PriorityP180high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2023-05-08
Exploited in the wild
EPSS
0.70%
48.5th percentile
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.

Affected

3 ranges
VendorProductVersion rangeFixed in
applemac_os_x< 10.14.410.14.4
applemacos>= unspecified < macOS Mojave 10.14.4macOS Mojave 10.14.4
applemacos_mojave_10.14.4_security_update_2019-002_high_sierra_security_update_2019-0

Detection & IOCsextracted from sources · hover to see the quote

hash496bde91a9ea1cf577989212146e7e4bcdd6c812995087c16b016065b0d11ab1
  • KeyStealDaemon malware exploiting CVE-2019-8526 appeared on VirusTotal in mid-June 2019; targets unpatched macOS versions prior to 10.14.4 / Security Update 2019-002 to gain elevated privileges and access Keychain credentials.
  • KeyStealDaemon provides attackers access to any credentials stored in the macOS Keychain on unpatched systems; monitor for unauthorized Keychain access attempts by unsigned or low-reputation applications.
  • ·CVE-2019-8526 is patched in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, and Security Update 2019-002 Sierra; systems running macOS 10.11 El Capitan or earlier remain permanently vulnerable as Apple did not backport the fix.

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.