CVE-2019-8535

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2019-8550

CVE-2019-8550 concerns the FaceTime pausing behavior. According to the provided sources, an issue caused a user’s FaceTime video to fail to pause if they exited the FaceTime app while the call was ringing. The vulnerability is fixed by updated logic in the affected platforms: iOS 12.2, macOS Moja...

CVE-2019-8541

Summary: CVE-2019-8541 is a privacy issue in motion sensor calibration that could allow a malicious app to track users between installs. It affects Apple devices and was fixed in iOS 12.2 and watchOS 5.2 via improved motion sensor processing. Huawei’s advisory (HWPSIRT-2019-05147) confirms this C...

CVE-2019-8551

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting...

CVE-2019-8511

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges...

CVE-2019-8502

An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization...

CVE-2019-8504

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory...

CVE-2019-8503

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website...

CVE-2019-8506

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2019-8521

CVE-2019-8521 affects Apple platforms (iOS and macOS) with a logic/checks issue that could allow a malicious application to overwrite arbitrary files. The vulnerability is documented as addressed by improved checks and is fixed in iOS 12.2 and macOS Mojave 10.14.4. Public references (Apple adviso...

CVE-2019-8506

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2019-8515

CVE-2019-8515 concerns a cross-origin issue in the WebKit fetch API. The vulnerability could allow disclosure of sensitive user information when processing malicious web content. Apple’s advisories fix it in iOS 12.2, tvOS 12.2, Safari 12.1 for Windows, and iCloud for Windows 7.11; iTunes 12.9.4 ...

CVE-2019-8506

CVE-2019-8506 is a type-confusion memory issue that affects WebKit components and was fixed in multiple Apple platforms (iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes/Windows, iCloud for Windows 7.11) and WebKitGTK/WebKitGTK+ up to 2.28.x. The vulnerability can allow arbitrary code execut...

CVE-2019-7292

A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory...

CVE-2019-8515

A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information...

CVE-2019-8504

CVE-2019-8504 is an Apple memory initialization issue affecting the IOKit/kernel memory handling. The vulnerability could allow a local user to read kernel memory. The issue is addressed in official Apple advisories with patches in iOS 12.2 and macOS Mojave 10.14.4; multiple connected sources con...

CVE-2019-8524

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2019-8524

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2019-8505

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting...

CVE-2019-8512

This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure...