Apple Xcode CVE-2019-8840 Arbitrary Code Execution Vulnerability
2019-12-10T00:00:00
ID: SMNTC-111160
Type: symantec
Reporter: Symantec Security Response
Modified: 2019-12-10T00:00:00
Description
Apple Xcode is prone to an arbitrary code-execution vulnerability. Attackers can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Versions prior to Xcode 11.3 are vulnerable.
Technologies Affected
Apple Xcode 1.5
Apple Xcode 10
Apple Xcode 11
Apple Xcode 11.1
Apple Xcode 11.2
Apple Xcode 2.0
Apple Xcode 2.1
Apple Xcode 2.2
Apple Xcode 2.3
Apple Xcode 3.0
Apple Xcode 3.1
Apple Xcode 3.1.1
Apple Xcode 3.1.2
Apple Xcode 3.1.3
Apple Xcode 3.1.4
Apple Xcode 3.2.1
Apple Xcode 3.2.2
Apple Xcode 3.2.3
Apple Xcode 3.2.4
Apple Xcode 3.2.5
Apple Xcode 4.0.1
Apple Xcode 4.0.2
Apple Xcode 4.1.1
Apple Xcode 4.2
Apple Xcode 4.2.1
Apple Xcode 4.3
Apple Xcode 4.3.1
Apple Xcode 4.3.2
Apple Xcode 4.3.3
Apple Xcode 4.4
Apple Xcode 5.0
Apple Xcode 6.0.1
Apple Xcode 6.2
Apple Xcode 6.3
Apple Xcode 7.0
Apple Xcode 7.1
Apple Xcode 7.2
Apple Xcode 7.3
Apple Xcode 7.3.1
Apple Xcode 8
Apple Xcode 8.1
Apple Xcode 9
Apple Xcode 9.3
Apple Xcode 9.4
Apple Xcode 9.4.1
Apple macOS 10.12
Apple macOS 10.12.1
Apple macOS 10.12.2
Apple macOS 10.12.3
Apple macOS 10.12.4
Apple macOS 10.12.5
Apple macOS 10.12.6
Apple macOS 10.13
Apple macOS 10.13.1
Apple macOS 10.13.2
Apple macOS 10.13.3
Apple macOS 10.13.4
Apple macOS 10.13.5
Apple macOS 10.13.6
Apple macOS 10.14
Apple macOS 10.14.1
Apple macOS 10.14.2
Apple macOS 10.14.3
Apple macOS 10.14.4
Recommendations
Block external access at the network boundary, unless external parties require service.
If global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, run all applications with the minimal amount of privileges required for functionality.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.
Implement multiple redundant layers of security.
Since some of these issues may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.
Evaluate read, write, and execute permissions on all newly installed software.
To limit exposure to these and other latent vulnerabilities, evaluate setgid and setuid settings on all installed applications.
Updates are available. Please see the references or vendor advisory for more information.