Apple macOS vulnerabilities

CVE-2018-4418 [MEDIUM] CWE-20 CVE-2018-4418: A validation issue was addressed with improved input sanitization. This issue affected versions prio A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4178 [MEDIUM] CWE-732 CVE-2018-4178: A permissions issue existed in which execute permission was incorrectly granted. This issue was addr A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4.

CVE-2018-4462 [MEDIUM] CWE-20 CVE-2018-4462: A validation issue was addressed with improved input sanitization. This issue affected versions prio A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.

CVE-2018-4308 [MEDIUM] CWE-125 CVE-2018-4308: An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prio An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4470 [LOW] CVE-2018-4470: A privacy issue in the handling of Open Directory records was addressed with improved indexing. This A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.

CVE-2019-6230 [HIGH] CWE-665 CVE-2019-6230: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out of its sandbox.

CVE-2019-6224 [HIGH] CWE-119 CVE-2019-6224: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.

CVE-2019-6223 [HIGH] CVE-2019-6223: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.

CVE-2019-6225 [HIGH] CWE-787 CVE-2019-6225: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.

CVE-2019-6214 [HIGH] CWE-843 CVE-2019-6214: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1. A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.

CVE-2019-6218 [HIGH] CWE-787 CVE-2019-6218: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2019-6213 [HIGH] CWE-119 CVE-2019-6213: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, ma A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.

CVE-2019-6221 [HIGH] CWE-125 CVE-2019-6221: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges.

CVE-2019-6211 [HIGH] CWE-787 CVE-2019-6211: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6200 [HIGH] CWE-125 CVE-2019-6200: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1. An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code.

CVE-2019-6202 [HIGH] CWE-125 CVE-2019-6202: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges.

CVE-2019-6219 [HIGH] CWE-20 CVE-2019-6219: A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.

CVE-2019-6210 [HIGH] CWE-787 CVE-2019-6210: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2019-6205 [HIGH] CWE-787 CVE-2019-6205: A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iO A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.

CVE-2019-6208 [MEDIUM] CWE-665 CVE-2019-6208: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.