CVE-2019-8779

CRITICAL

Apple Ipados < 13.1.1 - Exposure to Wrong Actor

Title source: rule

Description

A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.

References (1)

[Vendor Advisory] https://support.apple.com/HT210624

Scores

CVSS v3 10.0

EPSS 0.0050

EPSS Percentile 65.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (2)

apple/ipados < 13.1.1

apple/iphone_os < 13.1.1

Timeline

Published Dec 18, 2019

Tracked Since Feb 18, 2026