CVE-2019-6210: Input Validation
First published: Tue Jan 22 2019(Updated: )
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges.
Credit: Ned Williamson Google product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tvOS | <12.1.2 | 12.1.2 |
| macOS Mojave | <10.14.3 | 10.14.3 |
| macOS High Sierra | ||
| macOS High Sierra | ||
| Apple iOS, iPadOS, and watchOS | <5.1.3 | 5.1.3 |
| Apple iOS and iPadOS | <12.1.3 | 12.1.3 |
| iPhone OS | <12.1.3 | |
| Apple iOS and macOS | <10.14.3 | |
| tvOS | <12.1.2 | |
| Apple iOS, iPadOS, and watchOS | <5.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT209443 (Advisory)
- https://support.apple.com/en-us/HT209446 (Advisory)
- https://support.apple.com/en-us/HT209447 (Advisory)
- https://support.apple.com/en-us/HT209448 (Advisory)
- http://www.securityfocus.com/bid/106739
- https://support.apple.com/HT209443
- https://support.apple.com/HT209446
- https://support.apple.com/HT209447
- https://support.apple.com/HT209448
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-6235
- CVE-2019-6231
- CVE-2019-6230
- CVE-2019-6224
- CVE-2019-6214
- CVE-2019-6225
- CVE-2019-6210
- CVE-2019-6205
- CVE-2019-6213
- CVE-2019-6209
- CVE-2019-6208
- CVE-2019-6218
- CVE-2018-20346
- CVE-2018-20505
- CVE-2018-20506
- CVE-2019-6227
- CVE-2019-6233
- CVE-2019-6234
- CVE-2019-6229
- CVE-2019-6215
- CVE-2019-6212
- CVE-2019-6216
- CVE-2019-6217
- CVE-2019-6226
- CVE-2019-8570
- CVE-2019-6200
- CVE-2019-6202
- CVE-2019-6221
- CVE-2018-4467
- CVE-2018-4452
- CVE-2019-6219
- CVE-2019-6220
- CVE-2019-6211
- CVE-2019-6206
- CVE-2019-6228
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-6210.
What is the severity level of CVE-2019-6210?
The severity level of CVE-2019-6210 is critical with a CVSS score of 7.8.
Which software versions are affected by CVE-2019-6210?
iOS versions up to but excluding 12.1.3, macOS Mojave versions up to but excluding 10.14.3, tvOS versions up to but excluding 12.1.2, and watchOS versions up to but excluding 5.1.3 are affected.
How can a malicious application exploit CVE-2019-6210?
A malicious application may be able to execute arbitrary code with kernel privileges.
How can CVE-2019-6210 be fixed?
CVE-2019-6210 is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, and watchOS 5.1.3.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/apple
- canonical/tvos
- canonical/macos mojave
- canonical/macos high sierra
- canonical/apple ios, ipados, and watchos
- canonical/apple ios and ipados
- canonical/iphone os
- canonical/apple ios and macos