Apple iOS vulnerabilities

CVE-2019-8541 [LOW] CVE-2019-8541: A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs.

CVE-2019-8698 [LOW] CWE-20 CVE-2019-8698: A validation issue existed in the entitlement verification. This issue was addressed with improved v A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.

CVE-2019-8630 [LOW] CVE-2019-8630: The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen may show a locked icon after unlocking.

CVE-2019-8566 [LOW] CWE-20 CVE-2019-8566: An API issue existed in the handling of microphone data. This issue was addressed with improved vali An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicious application may be able to access the microphone without indication to the user.

CVE-2019-8682 [LOW] CWE-306 CVE-2019-8682: The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A u The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen.

CVE-2019-8502 [LOW] CWE-20 CVE-2019-8502: An API issue existed in the handling of dictation requests. This issue was addressed with improved v An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.

CVE-2019-8775 [LOW] CVE-2019-8775: The issue was addressed by restricting options offered on a locked device. This issue is fixed in iO The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.

CVE-2019-8599 [LOW] CVE-2019-8599: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person wi A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person with physical access to an iOS device may be able to see the email address used for iTunes.

CVE-2019-8742 [LOW] CVE-2019-8742: The issue was addressed by restricting options offered on a locked device. This issue is fixed in iO The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS device may be able to access contacts from the lock screen.

CVE-2019-6215 [HIGH] CWE-843 CVE-2019-6215: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1. A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6202 [HIGH] CWE-125 CVE-2019-6202: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges.

CVE-2019-6227 [HIGH] CWE-787 CVE-2019-6227: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6230 [HIGH] CWE-665 CVE-2019-6230: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out of its sandbox.

CVE-2019-6217 [HIGH] CWE-787 CVE-2019-6217: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6224 [HIGH] CWE-119 CVE-2019-6224: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.

CVE-2019-6233 [HIGH] CWE-787 CVE-2019-6233: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6213 [HIGH] CWE-119 CVE-2019-6213: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, ma A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.

CVE-2019-6226 [HIGH] CWE-787 CVE-2019-6226: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6223 [HIGH] CVE-2019-6223: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.

CVE-2019-6225 [HIGH] CWE-787 CVE-2019-6225: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.