CVE-2019-7286: Apple Multiple Products Memory Corruption Vulnerability
First published: Thu Feb 07 2019(Updated: )
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
Credit: product-security@apple.com an anonymous researcher Clement Lecigne Google Threat Analysis GroupIan Beer Google Project Zero Samuel Groß Google Project Zeroan anonymous researcher Clement Lecigne Google Threat Analysis GroupIan Beer Google Project Zero Samuel Groß Google Project Zeroan anonymous researcher Clement Lecigne Google Threat Analysis GroupIan Beer Google Project Zero Samuel Groß Google Project Zeroan anonymous researcher Clement Lecigne Google Threat Analysis GroupIan Beer Google Project Zero Samuel Groß Google Project Zero product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPhone OS | <12.1.4 | |
| Apple Mac OS X | <10.14.3 | |
| Apple macOS Mojave Supplemental Update | <10.14.3 | 10.14.3 |
| Apple watchOS | <5.2 | 5.2 |
| Apple tvOS | <12.2 | 12.2 |
| Apple iOS | <12.1.4 | 12.1.4 |
| Apple Multiple Products | ||
| <12.1.4 | ||
| <10.14.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/HT209520
- https://support.apple.com/HT209521
- https://support.apple.com/HT209601
- https://support.apple.com/HT209602
- https://support.apple.com/en-us/HT209521 (Advisory)
- https://support.apple.com/en-us/HT209602 (Advisory)
- https://support.apple.com/en-us/HT209601 (Advisory)
- https://support.apple.com/en-us/HT209520 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2019-7286
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-6223
- CVE-2019-7286
- CVE-2019-7288
- CVE-2019-8538
- CVE-2019-8516
- CVE-2019-8552
- CVE-2019-8511
- CVE-2019-8542
- CVE-2019-8906
- CVE-2019-8553
- CVE-2019-8545
- CVE-2019-5608
- CVE-2019-8547
- CVE-2019-8525
- CVE-2019-8527
- CVE-2019-8528
- CVE-2019-8540
- CVE-2019-8514
- CVE-2019-6207
- CVE-2019-8510
- CVE-2019-7293
- CVE-2019-8532
- CVE-2019-8546
- CVE-2019-8548
- CVE-2019-8549
- CVE-2019-8541
- CVE-2019-8618
- CVE-2019-8531
- CVE-2019-8502
- CVE-2019-8517
- CVE-2019-8536
- CVE-2019-8544
- CVE-2019-8506
- CVE-2019-8518
- CVE-2019-8558
- CVE-2019-8559
- CVE-2019-8563
- CVE-2019-8638
- CVE-2019-8639
- CVE-2019-7292
- CVE-2019-6203
- CVE-2019-8551
- CVE-2019-8535
- CVE-2019-6201
- CVE-2019-8523
- CVE-2019-8524
- CVE-2019-8562
- CVE-2019-8515
- CVE-2019-7285
- CVE-2019-8556
- CVE-2019-8503
- CVE-2019-8530
- CVE-2019-7287
Frequently Asked Questions
What is CVE-2019-7286?
CVE-2019-7286 is a memory corruption vulnerability in Apple Multiple Products that allows an application to gain elevated privileges.
How does CVE-2019-7286 impact iOS?
CVE-2019-7286 affects iOS devices running up to version 12.1.4.
How does CVE-2019-7286 impact macOS?
CVE-2019-7286 affects macOS devices running up to version 10.14.3.
How can I fix CVE-2019-7286 on iOS?
To fix CVE-2019-7286 on iOS, update your device to iOS version 12.1.4 or later.
How can I fix CVE-2019-7286 on macOS?
To fix CVE-2019-7286 on macOS, update your device to macOS version 10.14.3 or later.
- collector/nvd-index
- collector/apple-support
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/event
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/apple
- canonical/apple iphone os
- canonical/apple mac os x
- canonical/apple macos mojave supplemental update
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- canonical/apple multiple products