CVE-2019-8857
LOWiPadOS < 13.3 - Unintended Live Photo Data Exposure via iCloud Link Sharing
Title source: llmDescription
The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.
References (1)
Core 1
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT210785
Scores
CVSS v3
3.3
EPSS
0.0029
EPSS Percentile
21.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-20
Status
published
Products (2)
apple/ipados
< 13.3
apple/iphone_os
< 13.3
Published
Oct 27, 2020
Tracked Since
Feb 18, 2026