CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 1CVE-2019-6214 – macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
https://notcve.org/view.php?id=CVE-2019-6214
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox. Se abordó un problema de confusión de tipos con la mejora de la gestión de memoria. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2 y watchOS 5.1.3. • https://www.exploit-db.com/exploits/46298 http://www.securityfocus.com/bid/106739 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209447 https://support.apple.com/HT209448 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-6208 – macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File
https://notcve.org/view.php?id=CVE-2019-6208
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes. Se abordó un problema de inicialización de memoria con la mejora de la gestión de memoria. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3 y tvOS 12.1.2. • https://www.exploit-db.com/exploits/46296 http://www.securityfocus.com/bid/106695 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209447 • CWE-665: Improper Initialization •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-6210
https://notcve.org/view.php?id=CVE-2019-6210
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con la mejora de la validación de entradas. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2 y watchOS 5.1.3. • http://www.securityfocus.com/bid/106739 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209447 https://support.apple.com/HT209448 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 5%CPEs: 4EXPL: 1CVE-2019-6224 – FaceTime - Texture Processing Memory Corruption
https://notcve.org/view.php?id=CVE-2019-6224
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution. Se abordó un problema de desbordamiento de búfer con la mejora de la gestión de memoria. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2 y watchOS 5.1.3. • https://www.exploit-db.com/exploits/46433 http://www.securityfocus.com/bid/106739 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209447 https://support.apple.com/HT209448 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2019-6225 – iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
https://notcve.org/view.php?id=CVE-2019-6225
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges. Se abordó un problema de corrupción de memoria con la mejora de la validación. Este problema se ha resuelto en iOS 12.1.3, macOS Mojave 10.14.3 y tvOS 12.1.2. • https://www.exploit-db.com/exploits/46248 https://github.com/TrungNguyen1909/CVE-2019-6225-macOS http://www.securityfocus.com/bid/106695 https://support.apple.com/HT209443 https://support.apple.com/HT209446 https://support.apple.com/HT209447 • CWE-787: Out-of-bounds Write •