CVE-2019-8502
LOWiPhone OS < 12.2 - Unauthorized Dictation Request via API Issue
Title source: llmDescription
An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT209599
Vendor Advisory x_refsource_misc
https://support.apple.com/HT209601
Vendor Advisory x_refsource_misc
https://support.apple.com/HT209600
Vendor Advisory x_refsource_misc
https://support.apple.com/HT209602
Scores
CVSS v3
3.3
EPSS
0.0080
EPSS Percentile
52.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (4)
apple/iphone_os
< 12.2
apple/mac_os_x
< 10.14.4
apple/tvos
< 12.2
apple/watchos
< 5.2
Published
Dec 18, 2019
Tracked Since
Feb 18, 2026