9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.806 High
EPSS
Percentile
98.3%
The version of Apple iOS running on the mobile device is prior to 13.2. It is, therefore, affected by multiple vulnerabilities.
A memory leak vulnerablity exists in the iOS Accounts, a remote attacker can exploit this using specially crafted input. (CVE-2019-8787)
An authentication vulnerability exists in the iOS App store, a local attacker may be able to login to the account of a previously logged in user without valid credentials. (CVE-2019-8803)
Associated Domains vulnerable to data exfiltration. The attacker can exploit this issue by passing improper URL. An issue existed in the parsing of URLs. (CVE-2019-8788)
A memory corruption issue exist in iOS Audio and AVEVideoEncoder. An application may be able to execute arbitrary code with system privileges. (CVE-2019-8785, CVE-2019-8797, CVE-2019-8795)
A validation issue existed in the handling of symlinks in iOS Books. Parsing a maliciously crafted iBooks file may lead to disclosure of user information. (CVE-2019-8789)
An inconsistent user interface issue exist in the iOS Contacts, processing a maliciously contact may lead to UI spoofing. (CVE-2017-7152)
A memory corruption issue exists in the iOS File System Events, Graphics Driver, Kernel. An application may be able to execute arbitrary code with system privileges. (CVE-2019-8798, CVE-2019-8784, CVE-2019-8786)
An input validation exists in the iOS Kernel. An application may be able to read restricted memory.
(CVE-2019-8794)
An inconsistency in Wi-Fi network configuration in iOS Setup Assistant is vulnerable. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup. (CVE-2019-8804)
A iOS Screen Recording is vulnerable, a local user may be able to record the screen without a visible screen recording indicator. (CVE-2019-8793)
A cross-site scripting (XSS) vulnerability exists in iOS WebKit due to improper validation of user-supplied input before returning it to users. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)
An arbitrary code execution vulnerability exists in iOS WebKit and WebKit Processing Model. Multiple memory corruption vulnerabilities while processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8814, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8815, CVE-2019-8782)
A logic issue in the handling of state transitions allows an attacker within Wi-Fi range to compromise some confidentiality of network traffic. (CVE-2019-15126)
The HTTP referrer header leaks browsing history to maliciously crafted websites. (CVE-2019-8827)
A memory corruption vulnerability exists that allows applications to execute arbitrary code with kernel privileges. (CVE-2019-8829)
Binary data apple_ios_132_check.nbin
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7152
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8782
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8783
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8784
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8785
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8786
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8787
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8820
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8821
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8822
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8827
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8829
support.apple.com/en-us/HT210721
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.806 High
EPSS
Percentile
98.3%