CVE-2019-8568Link Following in Apple Macos

CWE-59Link Following7 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 80.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple IOSApple MacosApple Tvos+3 more
Timeline
PublishedDec 18
Latest updateMay 24

Description

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

CVEListV5apple/tvosunspecifiedtvOS 12.3
NVDapple/tvos< 12.3
CVEListV5apple/macosunspecifiedmacOS Mojave 10.14.5
CVEListV5apple/watchosunspecifiedwatchOS 5.2.1
NVDapple/watchos< 5.2.1

🔴Vulnerability Details

2
GHSA
GHSA-q7gv-xfx9-7f68: A validation issue existed in the handling of symlinks2022-05-24
CVEList
CVE-2019-8568: A validation issue existed in the handling of symlinks2019-12-18

📋Vendor Advisories

4
Apple
CVE-2019-8568: macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra2019-05-13
Apple
CVE-2019-8568: tvOS 12.32019-05-13
Apple
CVE-2019-8568: iOS 12.32019-05-13
Apple
CVE-2019-8568: watchOS 5.2.12019-05-13
CVE-2019-8568 — Link Following in Apple Macos | cvebase