Apple iOS < 13.2 Multiple Vulnerabilities


The version of Apple iOS running on the mobile device is prior to 13.2. It is, therefore, affected by multiple vulnerabilities:

- A memory leak vulnerability exists in iOS Accounts. A remote attacker can exploit this using specially crafted input. (CVE-2019-8787)
- An authentication vulnerability exists in the iOS App Store. A local attacker may be able to log in to the account of a previously logged-in user without valid credentials. (CVE-2019-8803)
- Associated Domains is vulnerable to data exfiltration. An issue existed in the parsing of URLs, which an attacker can exploit by passing an improper URL. (CVE-2019-8788)
- Memory corruption issues exist in iOS Audio and AVEVideoEncoder. An application may be able to execute arbitrary code with system privileges. (CVE-2019-8785, CVE-2019-8797, CVE-2019-8795)
- A validation issue existed in the handling of symlinks in iOS Books. Parsing a maliciously crafted iBooks file may lead to disclosure of user information. (CVE-2019-8789)
- An inconsistent user interface issue exists in iOS Contacts. Processing a maliciously crafted contact may lead to UI spoofing. (CVE-2017-7152)
- A memory corruption issue exists in the iOS File System Events, Graphics Driver, and Kernel components. An application may be able to execute arbitrary code with system privileges. (CVE-2019-8798, CVE-2019-8784, CVE-2019-8786)
- An input validation issue exists in the iOS Kernel. An application may be able to read restricted memory. (CVE-2019-8794)
- An inconsistency in Wi-Fi network configuration exists in iOS Setup Assistant. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup. (CVE-2019-8804)
- An issue exists in iOS Screen Recording. A local user may be able to record the screen without a visible screen recording indicator. (CVE-2019-8793)
- A cross-site scripting (XSS) vulnerability exists in iOS WebKit due to improper validation of user-supplied input before returning it to users. Processing maliciously crafted web content may lead to universal cross-site scripting. (CVE-2019-8813)
- An arbitrary code execution vulnerability exists in iOS WebKit and WebKit Processing Model. Multiple memory corruption vulnerabilities while processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8814, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8815, CVE-2019-8782)
- A logic issue in the handling of state transitions allows an attacker within Wi-Fi range to compromise some confidentiality of network traffic. (CVE-2019-15126)
- The HTTP referrer header leaks browsing history to maliciously crafted websites. (CVE-2019-8827)
- A memory corruption vulnerability exists that allows applications to execute arbitrary code with kernel privileges. (CVE-2019-8829)