Vulnerability-Lookup

CVE-2019-8801 (GCVE-0-2019-8801)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31

Summary

A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.

Severity ?

No CVSS data available.

CWE

Running the iTunes installer in an untrusted directory may result in arbitrary code execution

Assigner

apple

References

URL

GSD-2019-8801

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-8801

Aliases

CVE-2019-8801

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-8801",
    "description": "A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.",
    "id": "GSD-2019-8801"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-8801"
      ],
      "details": "A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.",
      "id": "GSD-2019-8801",
      "modified": "2023-12-13T01:23:48.381625Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-8801",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "macOS Catalina 10.15.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iTunes for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iTunes for Windows 12.10.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Running the iTunes installer in an untrusted directory may result in arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT210722",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT210722"
          },
          {
            "name": "https://support.apple.com/HT210726",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT210726"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.10.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8801"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210726",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT210726"
            },
            {
              "name": "https://support.apple.com/HT210722",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT210722"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-12-30T21:20Z",
      "publishedDate": "2019-12-18T18:15Z"
    }
  }
}

GHSA-C9XP-93V6-V7GJ

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-8801"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-18T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.",
  "id": "GHSA-c9xp-93v6-v7gj",
  "modified": "2022-05-24T17:04:38Z",
  "published": "2022-05-24T17:04:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8801"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT210722"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT210726"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2019-44546

Vulnerability from cnvd - Published: 2019-12-10

Title

Apple macOS Catalina和Apple iTunes for Windows动态库加载漏洞

Description

Apple iTunes for Windows和Apple macOS Catalina都是美国苹果（Apple）公司的产品。Apple iTunes for Windows是一款基于Windows平台的媒体播放器应用程序。Apple macOS Catalina是一套专为Mac计算机所开发的专用操作系统。 Apple macOS Catalina 10.15.1之前版本和基于Windows平台的Apple iTunes 12.10.2之前版本中的iTunes组件存在安全漏洞。攻击者可利用该漏洞执行任意代码。

Severity

高

Patch Name

Apple macOS Catalina和Apple iTunes for Windows动态库加载漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT210726

Reference

https://packetstormsecurity.com/files/155067/Apple-Security-Advisory-2019-10-29-2.html https://www.auscert.org.au/bulletins/ESB-2019.4010/

Impacted products

Name
['Apple iTunes for Windows <12.10.2', 'Apple macOS Catalina <10.15.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-8801"
    }
  },
  "description": "Apple iTunes for Windows\u548cApple macOS Catalina\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iTunes for Windows\u662f\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u5a92\u4f53\u64ad\u653e\u5668\u5e94\u7528\u7a0b\u5e8f\u3002Apple macOS Catalina\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nApple macOS Catalina 10.15.1\u4e4b\u524d\u7248\u672c\u548c\u57fa\u4e8eWindows\u5e73\u53f0\u7684Apple iTunes 12.10.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684iTunes\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT210726",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-44546",
  "openTime": "2019-12-10",
  "patchDescription": "Apple iTunes for Windows\u548cApple macOS Catalina\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iTunes for Windows\u662f\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u5a92\u4f53\u64ad\u653e\u5668\u5e94\u7528\u7a0b\u5e8f\u3002Apple macOS Catalina\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple macOS Catalina 10.15.1\u4e4b\u524d\u7248\u672c\u548c\u57fa\u4e8eWindows\u5e73\u53f0\u7684Apple iTunes 12.10.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684iTunes\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS Catalina\u548cApple iTunes for Windows\u52a8\u6001\u5e93\u52a0\u8f7d\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple iTunes for Windows \u003c12.10.2",
      "Apple macOS Catalina \u003c10.15.1"
    ]
  },
  "referenceLink": "https://packetstormsecurity.com/files/155067/Apple-Security-Advisory-2019-10-29-2.html\r\nhttps://www.auscert.org.au/bulletins/ESB-2019.4010/",
  "serverity": "\u9ad8",
  "submitTime": "2019-11-05",
  "title": "Apple macOS Catalina\u548cApple iTunes for Windows\u52a8\u6001\u5e93\u52a0\u8f7d\u6f0f\u6d1e"
}

CERTFR-2019-AVI-539

Vulnerability from certfr_avis - Published: 2019-10-30 - Updated: 2019-10-31

De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une exécution de code arbitraire à distance, un déni de service ou un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 6.1
Apple	N/A	tvOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 10 versions antérieures à 11.0
Apple	Safari	Safari versions antérieures à 13.0.3
Apple	N/A	iOS versions antérieures à 13.2
Apple	N/A	iPadOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 7 versions antérieures à 7.15
Apple	N/A	iTunes versions antérieures à 12.10.2
Apple	macOS	macOS Catalina versions antérieures à 10.15.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 28, 29 et 30 octobre 2019	None	vendor-advisory
Bulletin de sécurité Apple MacOS du 29 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 11.0 du 30 octobre 2019	-	other
Bulletin de sécurité iOS et iPadOS du 28 octobre 2019	-	other
Bulletin de sécurité Apple tvOS du 28 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 7.15 du 30 octobre 2019	-	other
Bulletin de sécurité Safari du 28 octobre 2019	-	other
Bulletin de sécurité iTunes du 30 octobre 2019	-	other
Bulletin de sécurité Apple WatchOS du 29 octobre 2019	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 10 versions ant\u00e9rieures \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.0.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 7 versions ant\u00e9rieures \u00e0 7.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8788"
    },
    {
      "name": "CVE-2019-8764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8764"
    },
    {
      "name": "CVE-2019-8793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8793"
    },
    {
      "name": "CVE-2019-8715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8715"
    },
    {
      "name": "CVE-2019-8747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8747"
    },
    {
      "name": "CVE-2018-12153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12153"
    },
    {
      "name": "CVE-2019-8767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8767"
    },
    {
      "name": "CVE-2019-8813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8813"
    },
    {
      "name": "CVE-2019-8736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8736"
    },
    {
      "name": "CVE-2019-8756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8756"
    },
    {
      "name": "CVE-2019-8808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8808"
    },
    {
      "name": "CVE-2019-8815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8815"
    },
    {
      "name": "CVE-2019-8807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8807"
    },
    {
      "name": "CVE-2019-8765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8765"
    },
    {
      "name": "CVE-2019-8710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8710"
    },
    {
      "name": "CVE-2019-8509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8509"
    },
    {
      "name": "CVE-2017-7152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7152"
    },
    {
      "name": "CVE-2019-8794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8794"
    },
    {
      "name": "CVE-2019-8804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8804"
    },
    {
      "name": "CVE-2019-8706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8706"
    },
    {
      "name": "CVE-2019-8785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8785"
    },
    {
      "name": "CVE-2019-8708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8708"
    },
    {
      "name": "CVE-2019-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8743"
    },
    {
      "name": "CVE-2019-8749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8749"
    },
    {
      "name": "CVE-2019-8775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8775"
    },
    {
      "name": "CVE-2019-8716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8716"
    },
    {
      "name": "CVE-2019-8812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8812"
    },
    {
      "name": "CVE-2019-8802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8802"
    },
    {
      "name": "CVE-2019-8784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8784"
    },
    {
      "name": "CVE-2019-8737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8737"
    },
    {
      "name": "CVE-2019-8821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8821"
    },
    {
      "name": "CVE-2019-8820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8820"
    },
    {
      "name": "CVE-2019-8795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8795"
    },
    {
      "name": "CVE-2019-8766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8766"
    },
    {
      "name": "CVE-2019-8816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8816"
    },
    {
      "name": "CVE-2019-8819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8819"
    },
    {
      "name": "CVE-2019-8789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8789"
    },
    {
      "name": "CVE-2019-8759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8759"
    },
    {
      "name": "CVE-2019-8744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8744"
    },
    {
      "name": "CVE-2019-8822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8822"
    },
    {
      "name": "CVE-2019-8801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8801"
    },
    {
      "name": "CVE-2019-8803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8803"
    },
    {
      "name": "CVE-2019-8783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8783"
    },
    {
      "name": "CVE-2019-8805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8805"
    },
    {
      "name": "CVE-2019-8750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8750"
    },
    {
      "name": "CVE-2018-12152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12152"
    },
    {
      "name": "CVE-2019-8786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8786"
    },
    {
      "name": "CVE-2019-8787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8787"
    },
    {
      "name": "CVE-2019-8823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8823"
    },
    {
      "name": "CVE-2019-8798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8798"
    },
    {
      "name": "CVE-2019-8817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8817"
    },
    {
      "name": "CVE-2019-8761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8761"
    },
    {
      "name": "CVE-2019-8814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8814"
    },
    {
      "name": "CVE-2019-8797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8797"
    },
    {
      "name": "CVE-2018-12154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12154"
    },
    {
      "name": "CVE-2019-8811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8811"
    },
    {
      "name": "CVE-2019-8782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8782"
    }
  ],
  "initial_release_date": "2019-10-30T00:00:00",
  "last_revision_date": "2019-10-31T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple MacOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210722"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 11.0 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210727"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iOS et iPadOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210721"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple tvOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210723"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 7.15 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210728"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Safari du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210725"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iTunes du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210726"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple WatchOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210724"
    }
  ],
  "reference": "CERTFR-2019-AVI-539",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-30T00:00:00.000000"
    },
    {
      "description": "Rajout des avis pour Safari, iOS, iPadOS, tvOS, iTunes et iCloud",
      "revision_date": "2019-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une ex\u00e9cution de code arbitraire \u00e0\ndistance, un d\u00e9ni de service ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 28, 29 et 30 octobre 2019",
      "url": null
    }
  ]
}

FKIE_CVE-2019-8801

Vulnerability from fkie_nvd - Published: 2019-12-18 18:15 - Updated: 2024-11-21 04:50

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT210722	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT210726	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210722	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210726	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	itunes	*
	apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "4A70FE53-CD3F-4296-B209-64C6F24CE3A7",
              "versionEndExcluding": "12.10.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E773457A-E670-4DDA-86E2-0923C1DCD9BA",
              "versionEndExcluding": "10.15.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Un problema de carga din\u00e1mica de la biblioteca exist\u00eda en la configuraci\u00f3n de iTunes. Esto fue abordado con una mejor b\u00fasqueda de ruta. Este problema es corregido en macOS Catalina versi\u00f3n 10.15.1, iTunes para Windows versi\u00f3n 12.10.2. Ejecutar el instalador de iTunes en un directorio no confiable puede resultar en una ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2019-8801",
  "lastModified": "2024-11-21T04:50:30.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-18T18:15:42.663",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210722"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210726"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-8801 (GCVE-0-2019-8801)

GSD-2019-8801

GHSA-C9XP-93V6-V7GJ

CNVD-2019-44546

CERTFR-2019-AVI-539

Solution

FKIE_CVE-2019-8801

Tags

Sightings

Nomenclature