CVE-2019-8698Improper Input Validation in Apple Tvos

CWE-20Improper Input Validation5 documents4 sources
Severity
3.3LOWNVD
EPSS
0.2%
top 63.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple IOSApple TvosApple Iphone OS
Timeline
PublishedDec 18
Latest updateMay 24

Description

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5apple/tvosunspecifiedtvOS 12.4
NVDapple/tvos< 12.4
CVEListV5apple/iosunspecifiediOS 12.4
NVDapple/iphone_os< 12.4

🔴Vulnerability Details

2
GHSA
GHSA-24c7-89jw-rm65: A validation issue existed in the entitlement verification2022-05-24
CVEList
CVE-2019-8698: A validation issue existed in the entitlement verification2019-12-18

📋Vendor Advisories

2
Apple
CVE-2019-8698: tvOS 12.42019-07-22
Apple
CVE-2019-8698: iOS 12.42019-07-22
CVE-2019-8698 — Improper Input Validation in Apple Tvos | cvebase