CVE-2019-6209: Input Validation
First published: Tue Jan 22 2019(Updated: )
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.
Credit: Brandon Azad Google Project ZeroBrandon Azad Google Project ZeroBrandon Azad Google Project ZeroBrandon Azad Google Project Zero product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple watchOS | <5.1.3 | 5.1.3 |
| Apple tvOS | <12.1.2 | 12.1.2 |
| Apple iOS | <12.1.3 | 12.1.3 |
| Apple iPhone OS | <12.1.3 | |
| Apple Mac OS X | <10.14.3 | |
| Apple Tv Os | <12.1.2 | |
| Apple watchOS | <5.1.3 | |
| Apple macOS | <10.14.3 | 10.14.3 |
| Apple High Sierra | ||
| Apple Sierra |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT209443 (Advisory)
- https://support.apple.com/en-us/HT209446 (Advisory)
- https://support.apple.com/en-us/HT209447 (Advisory)
- https://support.apple.com/en-us/HT209448 (Advisory)
- http://www.securityfocus.com/bid/106739
- https://support.apple.com/HT209443
- https://support.apple.com/HT209446
- https://support.apple.com/HT209447
- https://support.apple.com/HT209448
- https://www.exploit-db.com/exploits/46285/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-6235
- CVE-2019-6202
- CVE-2019-6231
- CVE-2019-6230
- CVE-2019-6224
- CVE-2019-6214
- CVE-2019-6210
- CVE-2019-6213
- CVE-2019-6209
- CVE-2019-6219
- CVE-2018-20346
- CVE-2018-20505
- CVE-2018-20506
- CVE-2019-6227
- CVE-2019-6216
- CVE-2019-6217
- CVE-2019-6226
- CVE-2019-6225
- CVE-2019-6205
- CVE-2019-6208
- CVE-2019-6218
- CVE-2019-6233
- CVE-2019-6234
- CVE-2019-6229
- CVE-2019-6215
- CVE-2019-6212
- CVE-2019-8570
- CVE-2019-6200
- CVE-2019-6221
- CVE-2019-6206
- CVE-2019-6228
- CVE-2019-6211
- CVE-2018-4467
- CVE-2018-4452
- CVE-2019-6220
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-6209.
What is the severity of CVE-2019-6209?
The severity of CVE-2019-6209 is medium with a severity value of 5.5.
What is the affected software for CVE-2019-6209?
The affected software for CVE-2019-6209 includes iPhone OS up to version 12.1.3, macOS Mojave up to version 10.14.3, tvOS up to version 12.1.2, and watchOS up to version 5.1.3.
How was CVE-2019-6209 addressed?
CVE-2019-6209 was addressed with improved input validation in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, and watchOS 5.1.3.
What can a malicious application do with CVE-2019-6209?
A malicious application may be able to determine kernel memory layout with CVE-2019-6209.
- agent/type
- agent/first-publish-date
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/trending
- agent/source
- agent/tags
- vendor/apple
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- canonical/apple iphone os
- canonical/apple mac os x
- canonical/apple tv os
- canonical/apple macos
- canonical/apple high sierra
- canonical/apple sierra