Design/Logic Flaw

An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing...

Cross site scripting

A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information...

Design/Logic Flaw

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs...

Memory corruption

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...

Memory corruption

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to cause unexpected system termination or read kernel memory...

Input validation

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout...

CVE-2019-8562

CVE-2019-8562 is a memory corruption issue in WebKit that could allow a sandboxed process to circumvent sandbox restrictions. The description indicates improvements in validation and memory handling as the root cause. Affected platforms include iOS, tvOS, Safari, and Windows via Safari/iTunes com...

CVE-2019-8562

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2019-8563

CVE-2019-8563 is a memory corruption issue reported by Apple, addressed as part of WebKit/Apple platform updates. The vulnerability could allow arbitrary code execution when processing maliciously crafted web content. It is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for...

CVE-2019-8563

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2019-8567

CVE-2019-8567 relates to a user privacy issue in macOS/iOS where a device could be passively tracked by its Wi‑Fi MAC address. The root cause is the broadcast MAC being present; mitigation is removing the broadcast MAC address. Apple fixes are in iOS 12.2 (and corresponding macOS/iOS advisories) ...

CVE-2019-8566

An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicious application may be able to access the microphone without indication to the user...

CVE-2019-8565

A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges...

CVE-2019-8567

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address...

CVE-2019-8566

CVE-2019-8566 concerns the ReplayKit component in iOS, where an API issue in how microphone data is handled could allow a malicious app to access the microphone without user indication. The vulnerability’s impact is privacy-related, enabling eavesdropping on audio without visible prompts. Apple a...

CVE-2019-8554

CVE-2019-8554 describes a permissions issue in the handling of motion and orientation data that could allow a website to access sensor information without user consent. The issue is addressed with restrictions and is fixed in iOS 12.2. Related entries indicate this vulnerability affects Safari’s ...

CVE-2019-8554

A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access sensor information without user consent...

CVE-2019-8541

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs...

CVE-2019-8559

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2019-8536

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...