Apple macOS vulnerabilities

CVE-2019-8608 [MEDIUM] CWE-416 CVE-2019-8608: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8597 [MEDIUM] CWE-787 CVE-2019-8597: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-7293 [MEDIUM] CWE-787 CVE-2019-7293: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.

CVE-2019-8546 [MEDIUM] CVE-2019-8546: An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information.

CVE-2019-8817 [MEDIUM] CWE-20 CVE-2019-8817: A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Cata A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.1. An application may be able to read restricted memory.

CVE-2019-8769 [MEDIUM] CVE-2019-8769: An issue existed in the drawing of web page elements. The issue was addressed with improved logic. T An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.

CVE-2019-8521 [MEDIUM] CVE-2019-8521: This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4 This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to overwrite arbitrary files.

CVE-2019-8598 [MEDIUM] CWE-119 CVE-2019-8598: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1 An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to read restricted memory.

CVE-2019-8519 [MEDIUM] CWE-125 CVE-2019-8519: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Moja An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. An application may be able to read restricted memory.

CVE-2019-8670 [MEDIUM] CWE-20 CVE-2019-8670: An inconsistent user interface issue was addressed with improved state management. This issue is fix An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.

CVE-2019-8615 [MEDIUM] CWE-125 CVE-2019-8615: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8691 [MEDIUM] CWE-125 CVE-2019-8691: A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Moja A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.

CVE-2019-8537 [MEDIUM] CVE-2019-8537: An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 1 An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to view a user’s locked notes.

CVE-2019-8507 [MEDIUM] CWE-20 CVE-2019-8507: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination.

CVE-2019-8690 [MEDIUM] CWE-79 CVE-2019-8690: A logic issue existed in the handling of document loads. This issue was addressed with improved stat A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site script

CVE-2019-8510 [MEDIUM] CWE-125 CVE-2019-8510: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

CVE-2019-8649 [MEDIUM] CWE-79 CVE-2019-8649: A logic issue existed in the handling of synchronous page loads. This issue was addressed with impro A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross sit

CVE-2019-8730 [LOW] CWE-200 CVE-2019-8730: The contents of locked notes sometimes appeared in search results. This issue was addressed with imp The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.

CVE-2019-8502 [LOW] CWE-20 CVE-2019-8502: An API issue existed in the handling of dictation requests. This issue was addressed with improved v An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.

CVE-2019-8757 [LOW] CWE-362 CVE-2019-8757: A race condition existed when reading and writing user preferences. This was addressed with improved A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics.