ByteOS Network

Type	CWE ID	Description
N/A	N/A	Restoring a maliciously crafted backup file may lead to modification of protected system files

Hyperlink	Resource
https://support.apple.com/en-us/121844	N/A
https://support.apple.com/en-us/121845	N/A
https://support.apple.com/en-us/121839	N/A
https://support.apple.com/en-us/121843	N/A
https://support.apple.com/en-us/121837	N/A

Type	CWE ID	Description
CWE	CWE-434	CWE-434 Unrestricted Upload of File with Dangerous Type

Version	Base score	Base severity	Vector
3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE ID	Type	Source
CWE-434	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

Hyperlink	Source	Resource
https://support.apple.com/en-us/121837	product-security@apple.com	Release Notes Vendor Advisory
https://support.apple.com/en-us/121839	product-security@apple.com	Release Notes Vendor Advisory
https://support.apple.com/en-us/121843	product-security@apple.com	Release Notes Vendor Advisory
https://support.apple.com/en-us/121844	product-security@apple.com	Release Notes Vendor Advisory
https://support.apple.com/en-us/121845	product-security@apple.com	Release Notes Vendor Advisory

CVE-2019-8707

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-1.49% / 80.82%

||

7 Day CHG-0.04%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes icloud tvos tvOS iTunes for Windows iCloud for Windows iCloud for Windows (Legacy)

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8830

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-1.75% / 82.33%

||

7 Day CHG~0.00%

Published-27 Oct, 2020 | 19:54

Updated-04 Aug, 2024 | 21:31

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-iphone_os watchos tvos ipados mac_os_x iOS and iPadOS macOS iOS

CWE ID-CWE-125

Out-of-bounds Read

CVE-2019-8782

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.27% / 50.38%

||

7 Day CHG-0.01%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os ipados tvos safari icloud iTunes for Windows iCloud for Windows Safari iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8752

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.59% / 68.89%

||

7 Day CHG~0.00%

Published-27 Oct, 2020 | 19:45

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os ipad_os watchos tvos safari icloud iTunes for Windows watchOS Safari iCloud for Windows tvOS iOS and iPadOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8743

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.53% / 67.15%

||

7 Day CHG-0.02%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-watchos watchOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8733

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-1.49% / 80.82%

||

7 Day CHG-0.04%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes icloud tvos tvOS iTunes for Windows iCloud for Windows iCloud for Windows (Legacy)

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8571

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.81% / 74.06%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari mac_os_x icloud iTunes for Windows Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8735

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-1.11% / 77.92%

||

7 Day CHG-0.03%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes icloud tvos tvOS iTunes for Windows iCloud for Windows iCloud for Windows (Legacy)

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8745

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-1.09% / 77.74%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:31

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing a maliciously crafted text file may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes icloud mac_os_x tvos iTunes for Windows iCloud for Windows macOS iCloud for Windows (Legacy)tvOS

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2019-8844

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-2.98% / 86.36%

||

7 Day CHG-0.26%

Published-27 Oct, 2020 | 19:55

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Red Hat, Inc.Apple Inc.

Product-enterprise_linux_server itunes iphone_os ipados tvos watchos safari enterprise_linux_workstation enterprise_linux_desktop icloud iTunes for Windows watchOS Safari iCloud for Windows tvOS iOS and iPadOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8683

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.83% / 74.28%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os watchos tvos safari mac_os_x icloud iCloud for Windows (Microsoft Store)iTunes for Windows watchOS Safari macOS iCloud for Windows iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8644

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.82% / 74.15%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari mac_os_x icloud iCloud for Windows (Microsoft Store)iTunes for Windows Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-416

Use After Free

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8518

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-43.28% / 97.45%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:17

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os watchos tvos safari icloud iTunes for Windows watchOS Safari iCloud for Windows iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8783

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.41% / 60.86%

||

7 Day CHG-0.01%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os ipados tvos safari icloud iTunes for Windows iCloud for Windows Safari iOS iCloud for Windows (Legacy)tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8623

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-27.09% / 96.30%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os watchos tvos safari mac_os_x icloud iTunes for Windows watchOS Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8535

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-2.70% / 85.69%

||

7 Day CHG-0.07%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Red Hat, Inc.Apple Inc.

Product-enterprise_linux_server itunes iphone_os tvos safari enterprise_linux_workstation enterprise_linux_desktop icloud iTunes for Windows iCloud for Windows Safari iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8523

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-1.29% / 79.46%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:17

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari icloud iTunes for Windows iCloud for Windows Safari iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8822

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.86% / 74.87%

||

7 Day CHG-0.02%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os ipados tvos safari icloud iTunes for Windows iCloud for Windows Safari iOS iCloud for Windows (Legacy)tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8558

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-14.66% / 94.38%

||

7 Day CHG-0.59%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os watchos tvos safari icloud iTunes for Windows watchOS Safari iCloud for Windows iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8823

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.52% / 66.47%

||

7 Day CHG-0.01%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os ipados tvos safari icloud iTunes for Windows iCloud for Windows Safari iOS iCloud for Windows (Legacy)tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8536

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-1.93% / 83.19%

||

7 Day CHG-0.05%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Red Hat, Inc.Apple Inc.

Product-enterprise_linux_server itunes iphone_os watchos tvos safari enterprise_linux_workstation enterprise_linux_desktop icloud iTunes for Windows watchOS Safari iCloud for Windows iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8751

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.59% / 68.89%

||

7 Day CHG~0.00%

Published-27 Oct, 2020 | 19:46

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os ipad_os watchos tvos safari icloud iTunes for Windows watchOS Safari iCloud for Windows tvOS iOS and iPadOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8594

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.81% / 74.06%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari mac_os_x icloud iTunes for Windows Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8595

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.81% / 74.06%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari mac_os_x icloud iTunes for Windows Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8722

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.60% / 69.22%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

Vendor-Apple Inc.

Product-xcode Xcode

CWE ID-CWE-20

Improper Input Validation

CVE-2019-8765

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-14.69% / 94.38%

||

7 Day CHG-0.33%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-watchos watchOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8679

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.82% / 74.15%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari mac_os_x icloud iCloud for Windows (Microsoft Store)iTunes for Windows Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8680

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.82% / 74.15%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari mac_os_x icloud iCloud for Windows (Microsoft Store)iTunes for Windows Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8825

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.55% / 67.61%

||

7 Day CHG~0.00%

Published-27 Oct, 2020 | 19:51

Updated-04 Aug, 2024 | 21:31

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os icloud mac_os_x macOS iOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8815

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-1.03% / 77.16%

||

7 Day CHG-0.03%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Red Hat, Inc.Apple Inc.

Product-enterprise_linux_server itunes iphone_os ipados tvos safari enterprise_linux_workstation enterprise_linux_desktop icloud iTunes for Windows iCloud for Windows Safari iOS iCloud for Windows (Legacy)tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8821

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-1.01% / 76.87%

||

7 Day CHG-0.03%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os ipados tvos safari icloud iTunes for Windows iCloud for Windows Safari iOS iCloud for Windows (Legacy)tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8676

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-3.29% / 87.04%

||

7 Day CHG-0.37%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Red Hat, Inc.Apple Inc.

Product-enterprise_linux_server itunes iphone_os watchos tvos safari enterprise_linux_workstation mac_os_x enterprise_linux_desktop icloud iCloud for Windows (Microsoft Store)iTunes for Windows watchOS Safari macOS iCloud for Windows iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8583

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.82% / 74.22%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os watchos tvos safari mac_os_x icloud iTunes for Windows watchOS Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8666

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.82% / 74.15%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari mac_os_x icloud iCloud for Windows (Microsoft Store)iTunes for Windows Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8816

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.52% / 66.47%

||

7 Day CHG+0.01%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Red Hat, Inc.Apple Inc.

Product-enterprise_linux_server itunes iphone_os ipados tvos watchos safari enterprise_linux_workstation enterprise_linux_desktop icloud iTunes for Windows watchOS iCloud for Windows Safari iOS iCloud for Windows (Legacy)tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8603

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.44% / 62.99%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5. An application may be able to read restricted memory.

Vendor-Apple Inc.

Product-mac_os_x macOS

CWE ID-CWE-125

Out-of-bounds Read

CVE-2019-8619

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.82% / 74.15%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari mac_os_x icloud iTunes for Windows Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8724

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.60% / 69.22%

||

7 Day CHG+0.14%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

Vendor-Apple Inc.

Product-xcode Xcode

CWE ID-CWE-20

Improper Input Validation

CVE-2019-8559

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.82% / 74.15%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os watchos tvos safari icloud iTunes for Windows watchOS Safari iCloud for Windows iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8584

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.81% / 74.06%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari mac_os_x icloud iTunes for Windows Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-416

Use After Free

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8688

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-3.94% / 88.18%

||

7 Day CHG-1.33%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Red Hat, Inc.Apple Inc.

Product-enterprise_linux_server itunes iphone_os watchos tvos safari enterprise_linux_workstation mac_os_x enterprise_linux_desktop icloud iCloud for Windows (Microsoft Store)iTunes for Windows watchOS Safari macOS iCloud for Windows iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8639

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.76% / 73.09%

||

7 Day CHG~0.00%

Published-27 Oct, 2020 | 19:38

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os watchos safari icloud iTunes for Windows watchOS iCloud for Windows Safari iOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8506

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-7.68% / 91.79%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-23 Oct, 2025 | 18:52

Known KEV||Action Due Date - 2022-05-25||Apply updates per vendor instructions.

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.Red Hat, Inc.

Product-itunes enterprise_linux_server tvos icloud watchos enterprise_linux_desktop enterprise_linux_workstation iphone_os safari Safari iOS iTunes for Windows tvOS watchOS iCloud for Windows Multiple Products

CWE ID-CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2019-8672

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-41.73% / 97.36%

||

7 Day CHG+0.80%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Red Hat, Inc.Apple Inc.

Product-enterprise_linux_server itunes iphone_os watchos tvos safari enterprise_linux_workstation mac_os_x enterprise_linux_desktop icloud iCloud for Windows (Microsoft Store)iTunes for Windows watchOS Safari macOS iCloud for Windows iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8669

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-3.29% / 87.04%

||

7 Day CHG-1.12%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Red Hat, Inc.Apple Inc.

Product-enterprise_linux_server itunes iphone_os watchos tvos safari enterprise_linux_workstation mac_os_x enterprise_linux_desktop icloud iCloud for Windows (Microsoft Store)iTunes for Windows watchOS Safari macOS iCloud for Windows iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8723

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.60% / 69.22%

||

7 Day CHG+0.14%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

Vendor-Apple Inc.

Product-xcode Xcode

CWE ID-CWE-20

Improper Input Validation

CVE-2019-8596

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.81% / 74.06%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari mac_os_x icloud iTunes for Windows Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8638

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.76% / 73.09%

||

7 Day CHG~0.00%

Published-27 Oct, 2020 | 19:39

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os watchos safari icloud iTunes for Windows watchOS iCloud for Windows Safari iOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8763

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-1.44% / 80.53%

||

7 Day CHG-0.04%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:31

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os ipados tvos safari icloud iTunes for Windows iCloud for Windows Safari iOS iCloud for Windows (Legacy)tvOS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-8610

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-8.8||HIGH

EPSS-0.81% / 74.06%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 17:33

Updated-04 Aug, 2024 | 21:24

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-itunes iphone_os tvos safari mac_os_x icloud iTunes for Windows Safari iCloud for Windows macOS iOS tvOS

CWE ID-CWE-416

Use After Free

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-54525

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs