CVE-2019-8789 — Link Following in Apple Macos

CWE-59 — Link Following5 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 52.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Macos Apple Ipados +2 more

Timeline

PublishedDec 18

Latest updateMay 24

Description

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5apple/macosunspecified — macOS Catalina 10.15.1

▶NVDapple/ipados< 13.2

▶NVDapple/mac_os_x< 10.15.1

▶CVEListV5apple/iosunspecified — iOS 13.2 and iPadOS 13.2

▶NVDapple/iphone_os< 13.2

🔴Vulnerability Details

GHSA

GHSA-2p5m-pxg9-g2wq: A validation issue existed in the handling of symlinks↗2022-05-24

▶

CVEList

CVE-2019-8789: A validation issue existed in the handling of symlinks↗2019-12-18

▶

📋Vendor Advisories

Apple

CVE-2019-8789: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006↗2019-10-29

▶

Apple

CVE-2019-8789: iOS 13.2 and iPadOS 13.2↗2019-10-28

▶