Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11456
HistoryMar 25, 2019 - 12:00 a.m.

KLA11456 Multiple vulnerabilities in Apple iCloud

2019-03-2500:00:00
Kaspersky Lab
threats.kaspersky.com
36

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.84 High

EPSS

Percentile

98.4%

JSON

Detect date:

03/25/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack, obtain sensitive information, bypass security restrictions and gain privileges.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Apple iCloud earlier than 7.11

Solution:

Update to the latest version
Download iCloud

Original advisories:

HT209605

Impacts:

ACE

Related products:

Apple iCloud

CVE-IDS:

CVE-2019-72859.3Critical
CVE-2019-62019.3Critical
CVE-2019-85069.3Critical
CVE-2019-85189.3Critical
CVE-2019-85636.8High
CVE-2019-85449.3Critical
CVE-2019-85514.3Warning
CVE-2019-85359.3Critical
CVE-2019-85239.3Critical
CVE-2019-85596.8High
CVE-2019-85586.8High
CVE-2019-85039.3Critical
CVE-2019-85566.8High
CVE-2019-72924.3Warning
CVE-2019-85246.8High
CVE-2019-85369.3Critical
CVE-2019-85426.8High
CVE-2019-85154.3Warning
CVE-2019-62327.6Critical
CVE-2019-62367.6Critical
CVE-2019-86396.8High
CVE-2019-86386.8High

References

Related

apple 14
openvas 9
kaspersky 1
nessus 22
suse 4
ubuntu 1
threatpost 1
freebsd 1
gentoo 1
prion 22
cve 22
ubuntucve 16
redhatcve 15
debiancve 16
alpinelinux 9
veracode 15
zdt 3
cisa_kev 1
checkpoint_advisories 3
zdi 1
attackerkb 1
rocky 1
redhat 3
osv 2
thn 3
myhack58 1
amazon 1
oraclelinux 1
centos 1
googleprojectzero 1
kitploit 1
apple
apple
About the security content of iCloud for Windows 7.11 - Apple Support
2019-06-24 08:18:10
About the security content of iCloud for Windows 7.11
2019-03-25 00:00:00
About the security content of iTunes 12.9.4 for Windows - Apple Support
2019-06-24 08:16:14
openvas
openvas
Apple iCloud Security Updates( HT209605 )
2019-03-26 00:00:00
Apple iTunes Security Updates (HT209604)
2019-03-26 00:00:00
Apple Safari Security Updates( HT209603 )
2019-03-26 00:00:00
kaspersky
kaspersky
KLA11455 Multiple vulnerabilities in Apple iTunes
2019-03-25 00:00:00
nessus
nessus
openSUSE Security Update : webkit2gtk3 (openSUSE-2019-1374)
2019-05-13 00:00:00
SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:1137-1)
2019-05-06 00:00:00
openSUSE Security Update : webkit2gtk3 (openSUSE-2019-1391)
2019-05-14 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2019-05-10 00:00:00
Security update for webkit2gtk3 (important)
2019-05-13 00:00:00
Security update for webkit2gtk3 (important)
2019-11-30 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2019-04-16 00:00:00
threatpost
threatpost
Apple iOS 12.2 Patches 51 Serious Flaws
2019-03-26 13:54:14
freebsd
freebsd
webkit2-gtk3 -- Multiple vulnerabilities
2019-04-10 00:00:00
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2019-09-06 00:00:00
prion
prion
Race condition
2019-12-18 18:15:00
Memory corruption
2019-12-18 18:15:00
Cross site scripting
2019-12-18 18:15:00
cve
cve
CVE-2019-6201
2019-12-18 18:15:00
CVE-2019-6236
2019-12-18 18:15:00
CVE-2019-8515
2019-12-18 18:15:00
ubuntucve
ubuntucve
CVE-2019-7292
2019-12-18 00:00:00
CVE-2019-8535
2019-04-11 00:00:00
CVE-2019-6201
2019-12-18 00:00:00
redhatcve
redhatcve
CVE-2019-8535
2020-01-12 21:51:07
CVE-2019-7292
2020-04-07 17:13:31
CVE-2019-8523
2019-05-13 11:22:47
debiancve
debiancve
CVE-2019-8515
2019-12-18 18:15:00
CVE-2019-7292
2019-12-18 18:15:00
CVE-2019-8535
2019-12-18 18:15:00
alpinelinux
alpinelinux
CVE-2019-8535
2019-12-18 18:15:00
CVE-2019-8536
2019-12-18 18:15:00
CVE-2019-8506
2019-12-18 18:15:00
veracode
veracode
Information Disclosure
2021-02-03 07:38:04
Arbitrary Code Execution
2020-10-01 03:52:19
Arbitrary Code Execution
2021-02-03 07:38:06
zdt
zdt
WebKit JavaScriptCore - createRegExpMatchesArray Type Confusion Exploit
2019-04-03 00:00:00
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Exploit
2019-04-03 00:00:00
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free Exploit
2019-04-03 00:00:00
cisa_kev
cisa_kev
Apple Multiple Products Type Confusion Vulnerability
2022-05-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple Multiple Products Memory Corruption (CVE-2019-8518)
2020-07-03 00:00:00
Apple iOS Remote Code Execution (CVE-2019-8506)
2020-12-06 00:00:00
Apple Multiple Products Memory Corruption (CVE-2019-8558)
2020-07-03 00:00:00
zdi
zdi
Apple Safari GraphicsContext Use-After-Free Remote Code Execution Vulnerability
2019-03-26 00:00:00
attackerkb
attackerkb
CVE-2019-8506
2019-12-18 00:00:00
rocky
rocky
GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
redhat
redhat
(RHSA-2019:3553) Low: GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
(RHSA-2020:4035) Moderate: webkitgtk4 security, bug fix, and enhancement update
2020-09-29 07:53:27
(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update
2020-10-27 14:57:54
osv
osv
Low: GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
Low: GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
thn
thn
Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant
2021-11-12 05:38:00
F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability
2022-05-05 02:38:00
Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities
2019-03-26 08:44:00
myhack58
myhack58
In-depth exploration found in the wild iOS exploit chain VI-vulnerability warning-the black bar safety net
2019-09-17 00:00:00
amazon
amazon
Medium: webkitgtk4
2020-11-09 21:05:00
oraclelinux
oraclelinux
webkitgtk4 security, bug fix, and enhancement update
2020-10-06 00:00:00
centos
centos
webkitgtk4 security update
2020-10-20 19:07:36
googleprojectzero
googleprojectzero
JSC Exploits
2019-08-29 00:00:00
kitploit
kitploit
Fuzzilli - A JavaScript Engine Fuzzer
2020-11-21 20:30:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.84 High

EPSS

Percentile

98.4%

JSON
Related for KLA11456
apple14openvas9kaspersky1nessus22suse4ubuntu1threatpost1freebsd1gentoo1prion22cve22ubuntucve16redhatcve15debiancve16alpinelinux9veracode15zdt3cisa_kev1checkpoint_advisories3zdi1attackerkb1rocky1redhat3osv2thn3myhack581amazon1oraclelinux1centos1googleprojectzero1kitploit1