CVE-2019-6224
Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V3.0 | 8.8 | HIGH |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
More informations
Base: Exploitabilty MetricsThe Exploitability metrics reflect the characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component. Attack Vector This metric reflects the context by which vulnerability exploitation is possible. Network A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers). Attack Complexity This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. Low Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component. Privileges Required This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. None The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack. User Interaction This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component. Required Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited. For example, a successful exploit may only be possible during the installation of an application by a system administrator. Base: Scope MetricsAn important property captured by CVSS v3.0 is the ability for a vulnerability in one software component to impact resources beyond its means, or privileges. Scope Formally, Scope refers to the collection of privileges defined by a computing authority (e.g. an application, an operating system, or a sandbox environment) when granting access to computing resources (e.g. files, CPU, memory, etc). These privileges are assigned based on some method of identification and authorization. In some cases, the authorization may be simple or loosely controlled based upon predefined rules or standards. For example, in the case of Ethernet traffic sent to a network switch, the switch accepts traffic that arrives on its ports and is an authority that controls the traffic flow to other switch ports. Unchanged An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same. Base: Impact MetricsThe Impact metrics refer to the properties of the impacted component. Confidentiality Impact This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. High There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server. Integrity Impact This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. High There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component. Availability Impact This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. High There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). Alternatively, the attacker has the ability to deny some availability, but the loss of availability presents a direct, serious consequence to the impacted component (e.g., the attacker cannot disrupt existing connections, but can prevent new connections; the attacker can repeatedly exploit a vulnerability that, in each instance of a successful attack, leaks a only small amount of memory, but after repeated exploitation causes a service to become completely unavailable). Temporal MetricsThe Temporal metrics measure the current state of exploit techniques or code availability, the existence of any patches or workarounds, or the confidence that one has in the description of a vulnerability. Environmental Metrics |
nvd@nist.gov |
| V2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 46433
Publication date : 2019-02-19 23h00 +00:00
Author : Google Security Research
EDB Verified : Yes
There is a memory corruption issue that occurs when processing a malformed RTP video stream in FaceTime. It appears to be related to processing textures.
* thread #7, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
* frame #0: 0x00007fff56baaa92 CoreVideo`CVMetalTextureBacking::releaseBackingUsage() + 20
frame #1: 0x00007fff56bae4c4 CoreVideo`CVMetalTextureCache::bufferBackingNotInUse(CVBufferBacking*) + 258
frame #2: 0x00007fff56b9eac5 CoreVideo`CVBufferBacking::releaseUsage() + 79
frame #3: 0x00007fff56bab20e CoreVideo`CVMetalTexture::finalize() + 42
frame #4: 0x00007fff55093e7c CoreFoundation`_CFRelease + 284
frame #5: 0x00007fff617bdac5 VideoToolbox`VTMetalTransferSessionTransferImageSync + 3096
frame #6: 0x00007fff6176f4fb VideoToolbox`VTPixelTransferSessionTransferImage + 11922
frame #7: 0x000000010629b3cb CMIOUnits`___lldb_unnamed_symbol331$$CMIOUnits + 773
frame #8: 0x000000010629909e CMIOUnits`___lldb_unnamed_symbol325$$CMIOUnits + 1868
frame #9: 0x0000000106297aa4 CMIOUnits`___lldb_unnamed_symbol322$$CMIOUnits + 5338
frame #10: 0x000000010630bb3b CMIOUnits`___lldb_unnamed_symbol1297$$CMIOUnits + 347
frame #11: 0x000000010627fda7 CMIOUnits`___lldb_unnamed_symbol193$$CMIOUnits + 267
frame #12: 0x00000001062bf2bb CMIOUnits`___lldb_unnamed_symbol630$$CMIOUnits + 26
frame #13: 0x00000001062f8061 CMIOUnits`___lldb_unnamed_symbol1126$$CMIOUnits + 65
frame #14: 0x000000010630bac0 CMIOUnits`___lldb_unnamed_symbol1297$$CMIOUnits + 224
frame #15: 0x000000010627fda7 CMIOUnits`___lldb_unnamed_symbol193$$CMIOUnits + 267
frame #16: 0x00000001062bf2bb CMIOUnits`___lldb_unnamed_symbol630$$CMIOUnits + 26
frame #17: 0x00000001062f8061 CMIOUnits`___lldb_unnamed_symbol1126$$CMIOUnits + 65
frame #18: 0x0000000106316e34 CMIOUnits`___lldb_unnamed_symbol1387$$CMIOUnits + 376
frame #19: 0x000000010627fda7 CMIOUnits`___lldb_unnamed_symbol193$$CMIOUnits + 267
frame #20: 0x0000000106317612 CMIOUnits`___lldb_unnamed_symbol1392$$CMIOUnits + 54
frame #21: 0x00000001062c009c CMIOUnits`___lldb_unnamed_symbol654$$CMIOUnits + 55
frame #22: 0x00007fff560868c9 CoreMediaIO`CMIOGraph::PullOutputUnits(bool, bool&, bool&, bool&) + 279
frame #23: 0x00007fff56086eee CoreMediaIO`CMIOGraph::DoWork(unsigned int) + 836
frame #24: 0x00007fff56089543 CoreMediaIO`CMIO::Thread::QueuedTWorkThread<unsigned int>::DoWork() + 125
frame #25: 0x00007fff56092c67 CoreMediaIO`CMIO::Thread::SignaledThread::ThreadLoop() + 227
frame #26: 0x00007fff56092b5a CoreMediaIO`CMIO::Thread::SignaledThread::WorkQueuedThreadCallback(void*) + 154
frame #27: 0x00007fff55f6c98b CoreMedia`figThreadMain + 277
frame #28: 0x00007fff7d10c661 libsystem_pthread.dylib`_pthread_body + 340
frame #29: 0x00007fff7d10c50d libsystem_pthread.dylib`_pthread_start + 377
frame #30: 0x00007fff7d10bbf9 libsystem_pthread.dylib`thread_start + 13
(lldb) down
frame #0: 0x00007fff56baaa92 CoreVideo`CVMetalTextureBacking::releaseBackingUsage() + 20
CoreVideo`CVMetalTextureBacking::releaseBackingUsage:
-> 0x7fff56baaa92 <+20>: jmpq *0x48(%rax)
0x7fff56baaa95 <+23>: popq %rbp
0x7fff56baaa96 <+24>: retq
0x7fff56baaa97 <+25>: nop
Additional crash dumps are attached.
This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS and Mac. I tested on iOS 12.1.1 and Mac OS X 10.13.6.
To reproduce issue on a Mac:
1) Add the line:
(subpath "/out")
to the (allow file-read* file-write* section of /System/Library/Sandbox/Profiles/com.apple.avconferenced.sb
2) Add the line:
(allow file-read* file-write*
(subpath "/out"))
to com.apple.identityservicesd.sb and restart the host
3) Compile video-replay-avc.cpp using:
g++ -std=c++11 -g -dynamiclib -o librecord.so video-replay-avc.cpp
4) Copy the output lib, librecord.so to /usr/lib/libSP.so
5) Sign the library by calling:
sudo codesign -f -s - /usr/lib/libSP.so
6) Compile video-replay-identity.cpp using:
g++ -std=c++11 -g -dynamiclib -o librecord_IDS.so video-replay-identity.cpp
7) Copy the output lib, librecord_IDS.so to /usr/lib/libSP_IDS.so
8) Sign the library by calling:
sudo codesign -f -s - /usr/lib/libSP_IDS.so
9) Download and build https://github.com/Tyilo/insert_dylib
10) Copy /System/Library/PrivateFrameworks/AVConference.framework/Versions/Current/AVConference to a local directory and run the command below.
insert_dylib --strip-codesig /usr/lib/libSP.so AVConference
11) Copy AVConference_patched to /System/Library/PrivateFrameworks/AVConference.framework/Versions/Current/AVConference
12) Sign the binary by calling:
sudo codesign -f -s - /System/Library/PrivateFrameworks/AVConference.framework/Versions/Current/AVConference
13) Copy /System/Library/PrivateFrameworks/IDSFoundation.framework/Versions/Current/IDSFoundation to a local directory and run the command below.
insert_dylib --strip-codesig /usr/lib/libSP_IDS.so IDSFoundation
14) Run the following commands, quickly, in sequence:
sudo cp IDSFoundation_patched /System/Library/PrivateFrameworks/IDSFoundation.framework/Versions/Current/IDSFoundation
sudo codesign -f -s - /System/Library/PrivateFrameworks/IDSFoundation.framework/Versions/Current/IDSFoundation
NOTE: If you are too slow, the terminal may crash because it detects IDSFoundation is unsigned. If this happens, open up the terminal and try the codesign call again. The terminal usually stays open a second or two before it crashes.
15) Extract out.zip into /out and make it world readable
16) Kill the avconferenced and identityservicesd processes. They will restart automatically
17) Make a FaceTime call to the target.
I performed these steps on a MacBook Air running 10.14.1
Taking a second look at this, the root cause of this issue is probably an overflow in splitting RED packets:
0 libsystem_platform.dylib 0x00007fff7d106164 _platform_memmove$VARIANT$Haswell + 580
1 com.apple.AVConference 0x00007fff646cb3f9 VCAudioRedBuilder_UpdateAudioPacketWithRedPayload + 50
2 com.apple.AVConference 0x00007fff6486360b _VCAudioReceiver_SplitRedPacket + 166
3 com.apple.AVConference 0x00007fff648646e7 _VCAudioReceiver_ProcessRTPPacket + 140
4 com.apple.AVConference 0x00007fff64861c40 _VCAudioReceiver_ReceiveProc + 272
5 com.apple.AVConference 0x00007fff64824db1 VCRealTimeThread_ThreadProc + 601
6 com.apple.CoreMedia 0x00007fff55f6c98b figThreadMain + 277
7 libsystem_pthread.dylib 0x00007fff7d10c661 _pthread_body + 340
8 libsystem_pthread.dylib 0x00007fff7d10c50d _pthread_start + 377
9 libsystem_pthread.dylib 0x00007fff7d10bbf9 thread_start + 13
Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46433.zip
Products Mentioned
Configuraton 0
Apple>>Iphone_os >> Version To (excluding) 12.1.3
- Apple>>Iphone_os >> Version - (Open CPE detail)
- Apple>>Iphone_os >> Version - (Open CPE detail)
- Apple>>Iphone_os >> Version - (Open CPE detail)
- Apple>>Iphone_os >> Version - (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.6 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.7 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.8 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.9 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.10 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.1.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.1.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.1.6 (Open CPE detail)
- Apple>>Iphone_os >> Version 7.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 7.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 7.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 7.0.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 7.0.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 7.0.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 7.0.6 (Open CPE detail)
- Apple>>Iphone_os >> Version 7.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 7.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 7.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 8.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 8.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 8.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 8.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 8.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 8.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 8.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 8.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 8.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 8.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 8.4.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.3.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.3.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.3.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.3.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 9.3.6 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.0.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.3.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.3.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 10.3.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 11 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.0.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.2.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.2.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.2.6 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 11.4.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 12.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 12.0.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 12.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 12.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 12.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 12.1.2 (Open CPE detail)
Apple>>Mac_os_x >> Version To (excluding) 10.14.3
- Apple>>Mac_os_x >> Version - (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.7 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.8 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.7 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.8 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.9 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.7 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.8 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.9 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.10 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.11 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.7 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.8 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.7 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.8 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.10.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.10.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.10.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.10.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.10.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.10.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.10.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.11.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.12.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.13.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.14 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.14.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.14.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.14.2 (Open CPE detail)
Apple>>Tv_os >> Version To (excluding) 12.1.2
Apple>>Watchos >> Version To (excluding) 5.1.3
- Apple>>Watchos >> Version - (Open CPE detail)
- Apple>>Watchos >> Version 1.0 (Open CPE detail)
- Apple>>Watchos >> Version 1.0.1 (Open CPE detail)
- Apple>>Watchos >> Version 2.0 (Open CPE detail)
- Apple>>Watchos >> Version 2.0.1 (Open CPE detail)
- Apple>>Watchos >> Version 2.1 (Open CPE detail)
- Apple>>Watchos >> Version 2.2 (Open CPE detail)
- Apple>>Watchos >> Version 2.2.0 (Open CPE detail)
- Apple>>Watchos >> Version 2.2.1 (Open CPE detail)
- Apple>>Watchos >> Version 2.2.2 (Open CPE detail)
- Apple>>Watchos >> Version 3.0 (Open CPE detail)
- Apple>>Watchos >> Version 3.1 (Open CPE detail)
- Apple>>Watchos >> Version 3.1.1 (Open CPE detail)
- Apple>>Watchos >> Version 3.1.3 (Open CPE detail)
- Apple>>Watchos >> Version 3.2 (Open CPE detail)
- Apple>>Watchos >> Version 3.2.2 (Open CPE detail)
- Apple>>Watchos >> Version 3.2.3 (Open CPE detail)
- Apple>>Watchos >> Version 4 (Open CPE detail)
- Apple>>Watchos >> Version 4.0 (Open CPE detail)
- Apple>>Watchos >> Version 4.0.1 (Open CPE detail)
- Apple>>Watchos >> Version 4.1 (Open CPE detail)
- Apple>>Watchos >> Version 4.2 (Open CPE detail)
- Apple>>Watchos >> Version 4.2.3 (Open CPE detail)
- Apple>>Watchos >> Version 4.3 (Open CPE detail)
- Apple>>Watchos >> Version 4.3.1 (Open CPE detail)
- Apple>>Watchos >> Version 4.3.2 (Open CPE detail)
- Apple>>Watchos >> Version 5.0 (Open CPE detail)
- Apple>>Watchos >> Version 5.0.1 (Open CPE detail)
- Apple>>Watchos >> Version 5.1 (Open CPE detail)
- Apple>>Watchos >> Version 5.1.1 (Open CPE detail)
- Apple>>Watchos >> Version 5.1.2 (Open CPE detail)
References
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.