CVE-2019-8702

MEDIUM

iPhone OS < 12.4 and macOS < 10.14.6 - Unauthorized Persistent Account Identifier Exposure

Title source: llm
STIX 2.1

Description

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT210348
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT210346
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT210351

Scores

CVSS v3 5.5
EPSS 0.0024
EPSS Percentile 14.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-668
Status published
Products (5)
apple/iphone_os < 12.4
apple/mac_os_x 10.12.6 (12 CPE variants)
apple/mac_os_x 10.13.6 (6 CPE variants)
apple/mac_os_x < 10.14.6
apple/tvos < 12.4
Published Dec 23, 2021
Tracked Since Feb 18, 2026