CVE-2019-8779Resource Exposure in Apple Ipados

CWE-668Resource Exposure4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
0.5%
top 33.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple IOSApple IpadosApple Iphone OS
Timeline
PublishedDec 18
Latest updateMay 24

Description

A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages3 packages

NVDapple/ipados< 13.1.1
CVEListV5apple/iosunspecifiediOS 13.1.1 and iPadOS 13.1.1
NVDapple/iphone_os< 13.1.1

🔴Vulnerability Details

2
GHSA
GHSA-r3vc-w727-947p: A logic issue applied the incorrect restrictions2022-05-24
CVEList
CVE-2019-8779: A logic issue applied the incorrect restrictions2019-12-18

📋Vendor Advisories

1
Apple
CVE-2019-8779: iOS 13.1.1 and iPadOS 13.1.12019-09-27
CVE-2019-8779 — Resource Exposure in Apple Ipados | cvebase