CVE-2019-8750 — Out-of-bounds Write in Apple Icloud FOR Windows

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 32.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple Watchos Apple Icloud

Timeline

PublishedDec 18

Latest updateMay 24

Description

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Multiple issues in libxslt.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5apple/icloud_for_windowsunspecified — iCloud for Windows 11.0

▶NVDapple/icloud< 10.8

▶CVEListV5apple/watchosunspecified — watchOS 6.1

▶NVDapple/watchos< 6.1

🔴Vulnerability Details

GHSA

GHSA-q8p3-mqhp-2f73: Multiple memory corruption issues were addressed with improved input validation↗2022-05-24

▶

CVEList

CVE-2019-8750: Multiple memory corruption issues were addressed with improved input validation↗2019-12-18

▶

📋Vendor Advisories

Apple

CVE-2019-8750: iCloud for Windows 10.8↗2019-10-30

▶

Apple

CVE-2019-8750: watchOS 6.1↗2019-10-29

▶

Apple

CVE-2019-8750: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006↗2019-10-29

▶

Apple

CVE-2019-8750: macOS Catalina 10.15↗2019-10-07

▶

Apple

CVE-2019-8750: iTunes 12.10.1 for Windows↗2019-10-07

▶