CVE-2019-8760Improper Authentication in Apple IOS

CWE-287Improper Authentication5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 83.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple IOSApple Iphone OS
Timeline
PublishedDec 18
Latest updateMay 24

Description

This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5apple/iosunspecifiediOS 13
NVDapple/iphone_os< 13.0

🔴Vulnerability Details

2
GHSA
GHSA-cpx5-433m-c69m: This issue was addressed by improving Face ID machine learning models2022-05-24
CVEList
CVE-2019-8760: This issue was addressed by improving Face ID machine learning models2019-12-18

📋Vendor Advisories

1
Apple
CVE-2019-8760: iOS 132019-09-19

📄Research Papers

1
arXiv
On managing vulnerabilities in AI/ML systems2021-01-22
CVE-2019-8760 — Improper Authentication in Apple IOS | cvebase