CVE-2019-8702

MEDIUM

Apple Iphone OS < 12.4 - Exposure to Wrong Actor

Title source: rule

Description

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.

References (3)

[Vendor Advisory] https://support.apple.com/en-us/HT210346

[Vendor Advisory] https://support.apple.com/en-us/HT210348

[Vendor Advisory] https://support.apple.com/en-us/HT210351

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (21)

apple/iphone_os < 12.4

apple/mac_os_x < 10.14.6

apple/mac_os_x

... and 6 more

Timeline

Published Dec 23, 2021

Tracked Since Feb 18, 2026