CVE-2019-8526
Apple macOS Use-After-Free Vulnerability
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
Act
*SSVC
Descriptions
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.
Un problema de la memoria previamente liberada fue abordado con una mejor administración de memoria. Este problema es corregido en macOS Mojave versión 10.14.4. Una aplicación puede obtener privilegios elevados.
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and addresses buffer overflow, bypass, and code execution vulnerabilities.
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Act
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-02-18 CVE Reserved
- 2019-03-26 CVE Published
- 2023-04-17 Exploited in Wild
- 2023-05-08 KEV Due Date
- 2025-01-29 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- First Exploit
CWE
- CWE-416: Use After Free