Apple iOS < 13.2 Multiple Vulnerabilities

The version of Apple iOS running on the mobile device is prior to 13.2. It is, therefore, affected by multiple vulnerabilities.

• A memory leak vulnerablity exists in the iOS Accounts, a remote attacker can exploit this using specially crafted input. (CVE-2019-8787)

• An authentication vulnerability exists in the iOS App store, a local attacker may be able to login to the account of a previously logged in user without valid credentials. (CVE-2019-8803)

• Associated Domains vulnerable to data exfiltration. The attacker can exploit this issue by passing improper URL. An issue existed in the parsing of URLs. (CVE-2019-8788)

• A memory corruption issue exist in iOS Audio and AVEVideoEncoder. An application may be able to execute arbitrary code with system privileges. (CVE-2019-8785, CVE-2019-8797, CVE-2019-8795)

• A validation issue existed in the handling of symlinks in iOS Books. Parsing a maliciously crafted iBooks file may lead to disclosure of user information. (CVE-2019-8789)

• An inconsistent user interface issue exist in the iOS Contacts, processing a maliciously contact may lead to UI spoofing. (CVE-2017-7152)

• A memory corruption issue exists in the iOS File System Events, Graphics Driver, Kernel. An application may be able to execute arbitrary code with system privileges. (CVE-2019-8798, CVE-2019-8784, CVE-2019-8786)

• An input validation exists in the iOS Kernel. An application may be able to read restricted memory.
  (CVE-2019-8794)

• An inconsistency in Wi-Fi network configuration in iOS Setup Assistant is vulnerable. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup. (CVE-2019-8804)

• A iOS Screen Recording is vulnerable, a local user may be able to record the screen without a visible screen recording indicator. (CVE-2019-8793)

• A cross-site scripting (XSS) vulnerability exists in iOS WebKit due to improper validation of user-supplied input before returning it to users. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)

• An arbitrary code execution vulnerability exists in iOS WebKit and WebKit Processing Model. Multiple memory corruption vulnerabilities while processing maliciously crafted web content may lead to arbitrary code execution.
  (CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8814, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8815, CVE-2019-8782)

• A logic issue in the handling of state transitions allows an attacker within Wi-Fi range to compromise some confidentiality of network traffic. (CVE-2019-15126)

• The HTTP referrer header leaks browsing history to maliciously crafted websites. (CVE-2019-8827)

• A memory corruption vulnerability exists that allows applications to execute arbitrary code with kernel privileges. (CVE-2019-8829)