CVE-2019-8757

LOW

macOS < 10.15 - Unprotected User Data Exposure via Race Condition in Preferences Handling

Title source: llm
STIX 2.1

Description

A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210634

Scores

CVSS v3 2.5
EPSS 0.0019
EPSS Percentile 8.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-362
Status published
Products (1)
apple/mac_os_x < 10.15
Published Dec 18, 2019
Tracked Since Feb 18, 2026