CVE-2019-8506

HIGH KEV

Apple Icloud < 7.11 - Type Confusion

Title source: rule

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · javascriptdosmultiple

https://www.exploit-db.com/exploits/46647

View Code ZIP pw:eip

References (7)

[Release Notes, Vendor Advisory] https://support.apple.com/HT209599

[Release Notes, Vendor Advisory] https://support.apple.com/HT209601

[Release Notes, Vendor Advisory] https://support.apple.com/HT209602

[Release Notes, Vendor Advisory] https://support.apple.com/HT209603

[Release Notes, Vendor Advisory] https://support.apple.com/HT209604

[Release Notes, Vendor Advisory] https://support.apple.com/HT209605

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8506

Scores

CVSS v3 8.8

EPSS 0.0768

EPSS Percentile 91.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-05-04

VulnCheck KEV 2021-10-11

InTheWild.io 2021-08-01

ENISA EUVD EUVD-2019-17896

Classification

CWE

CWE-843

Status published

Affected Products (9)

apple/icloud < 7.11

apple/itunes < 12.9.4

apple/safari < 12.1

apple/iphone_os < 12.2

apple/tvos < 12.2

apple/watchos < 5.2

redhat/enterprise_linux_desktop

redhat/enterprise_linux_server

redhat/enterprise_linux_workstation

Timeline

Published Dec 18, 2019

KEV Added May 04, 2022

Tracked Since Feb 18, 2026