CVE-2019-6223

HIGH KEV

macOS < 10.14.3 - Unauthenticated Group FaceTime Call Answer Bypass

Title source: llm

Exploitation Summary

CVE-2019-6223 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.

Description

A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.

References (3)

Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://support.apple.com/HT209521
Release Notes, Vendor Advisory x_refsource_confirm
https://support.apple.com/HT209520

Scores

CVSS v3 7.5
EPSS 0.0035
EPSS Percentile 58.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2019-02-08
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2019-15790
Status published
Products (2)
apple/iphone_os < 12.1.4
apple/mac_os_x < 10.14.3
Published Mar 05, 2019
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026