CVE-2019-6206

CRITICAL

iPhone OS < 12.1.3 - Password Autofill Information Exposure

Title source: llm
STIX 2.1

Description

An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106687
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT209443

Scores

CVSS v3 9.8
EPSS 0.0149
EPSS Percentile 70.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (1)
apple/iphone_os < 12.1.3
Published Mar 04, 2019
Tracked Since Feb 18, 2026