CVE-2019-8568
MEDIUMiPhone OS < 12.3 - Unprotected File System Modification via Symlink Validation Issue
Title source: llmDescription
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210118
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210119
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210120
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210122
Scores
CVSS v3
5.5
EPSS
0.0036
EPSS Percentile
27.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-59
Status
published
Products (4)
apple/iphone_os
< 12.3
apple/mac_os_x
< 10.14.5
apple/tvos
< 12.3
apple/watchos
< 5.2.1
Published
Dec 18, 2019
Tracked Since
Feb 18, 2026