Apple tvOS vulnerabilities

CVE-2019-8813 [MEDIUM] CWE-79 CVE-2019-8813: A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2019-8615 [MEDIUM] CWE-125 CVE-2019-8615: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8530 [MEDIUM] CVE-2019-8530: This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4 This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files.

CVE-2019-8510 [MEDIUM] CWE-125 CVE-2019-8510: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

CVE-2019-8705 [MEDIUM] CWE-787 CVE-2019-8705: A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catal A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15, tvOS 13. Processing a maliciously crafted movie may result in the disclosure of process memory.

CVE-2019-8540 [MEDIUM] CWE-665 CVE-2019-8540: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

CVE-2019-8794 [MEDIUM] CWE-20 CVE-2019-8794: A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.2 a A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to read restricted memory.

CVE-2019-8649 [MEDIUM] CWE-79 CVE-2019-8649: A logic issue existed in the handling of synchronous page loads. This issue was addressed with impro A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross sit

CVE-2019-8560 [MEDIUM] CWE-125 CVE-2019-8560: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to read restricted memory.

CVE-2019-8568 [MEDIUM] CWE-59 CVE-2019-8568: A validation issue existed in the handling of symlinks. This issue was addressed with improved valid A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system.

CVE-2019-8608 [MEDIUM] CWE-416 CVE-2019-8608: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8598 [MEDIUM] CWE-119 CVE-2019-8598: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1 An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to read restricted memory.

CVE-2019-8502 [LOW] CWE-20 CVE-2019-8502: An API issue existed in the handling of dictation requests. This issue was addressed with improved v An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.

CVE-2019-8698 [LOW] CWE-20 CVE-2019-8698: A validation issue existed in the entitlement verification. This issue was addressed with improved v A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.

CVE-2019-14899 [HIGH] CWE-300 CVE-2019-14899: A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a mal A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to in

CVE-2019-15903 [HIGH] CVE-2019-15903: tvOS 13.3 Apple Security Update: About the security content of tvOS 13.3 Product: tvOS Version: 13.3 CVE: CVE-2019-15903 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-15163 [HIGH] CVE-2019-15163: tvOS 13.3 Apple Security Update: About the security content of tvOS 13.3 Product: tvOS Version: 13.3 CVE: CVE-2019-15163 Component: CVE-2019-15163

CVE-2019-15164 [MEDIUM] CVE-2019-15164: tvOS 13.3 Apple Security Update: About the security content of tvOS 13.3 Product: tvOS Version: 13.3 CVE: CVE-2019-15164 Component: CVE-2019-15164

CVE-2019-15161 [MEDIUM] CVE-2019-15161: tvOS 13.3 Apple Security Update: About the security content of tvOS 13.3 Product: tvOS Version: 13.3 CVE: CVE-2019-15161 Component: CVE-2019-15161

CVE-2019-15162 [MEDIUM] CVE-2019-15162: tvOS 13.3 Apple Security Update: About the security content of tvOS 13.3 Product: tvOS Version: 13.3 CVE: CVE-2019-15162 Component: CVE-2019-15162