CVE-2019-8805 — Improper Input Validation in Apple Macos

CWE-20 — Improper Input Validation5 documents4 sources

Severity

7.8HIGHNVD

EPSS

13.5%

top 5.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple MAC OS X Apple Macos Catalina 10.15.1 Security Update 2019-001 AND Security Update 2019-006

Timeline

PublishedDec 18

Latest updateMay 24

Description

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Appleapple/macos_catalina_10.15.1_security_update_2019-001_and_security_update_2019-006

▶CVEListV5apple/macosunspecified — macOS Catalina 10.15.1

▶NVDapple/mac_os_x< 10.15.1

🔴Vulnerability Details

GHSA

GHSA-75c4-xj7m-vrpm: A validation issue existed in the entitlement verification↗2022-05-24

▶

📋Vendor Advisories

Apple

CVE-2019-8805: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006↗2019-10-29

▶

🕵️Threat Intelligence

Sentinelone

Privilege Escalation | macOS Malware & The Path to Root Part 1 - SentinelLabs↗2019-11-06

▶

Sentinelone

Privilege Escalation | macOS Malware & The Path to Root Part 1↗2019-11-06

▶