CVE-2019-8502: Input Validation
First published: Mon Mar 25 2019(Updated: )
An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.
Credit: Luke Deshotels North Carolina State UniversityJordan Beichler North Carolina State UniversityWilliam Enck North Carolina State UniversityCostin Carabaș University POLITEHNICA of Bucharest Răzvan Deaconescu University POLITEHNICA of BucharestLuke Deshotels North Carolina State UniversityJordan Beichler North Carolina State UniversityWilliam Enck North Carolina State UniversityCostin Carabaș University POLITEHNICA of Bucharest Răzvan Deaconescu University POLITEHNICA of BucharestLuke Deshotels North Carolina State UniversityJordan Beichler North Carolina State UniversityWilliam Enck North Carolina State UniversityCostin Carabaș University POLITEHNICA of Bucharest Răzvan Deaconescu University POLITEHNICA of BucharestLuke Deshotels North Carolina State UniversityJordan Beichler North Carolina State UniversityWilliam Enck North Carolina State UniversityCostin Carabaș University POLITEHNICA of Bucharest Răzvan Deaconescu University POLITEHNICA of Bucharest product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPhone OS | <12.2 | |
| Apple Mac OS X | <10.14.4 | |
| Apple tvOS | <12.2 | |
| Apple watchOS | <5.2 | |
| Apple tvOS | <12.2 | 12.2 |
| Apple macOS Mojave | <10.14.4 | 10.14.4 |
| Apple High Sierra | ||
| Apple Sierra | ||
| Apple iOS | <12.2 | 12.2 |
| Apple watchOS | <5.2 | 5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT209599 (Advisory)
- https://support.apple.com/en-us/HT209600 (Advisory)
- https://support.apple.com/en-us/HT209601 (Advisory)
- https://support.apple.com/en-us/HT209602 (Advisory)
- https://support.apple.com/HT209599
- https://support.apple.com/HT209600
- https://support.apple.com/HT209601
- https://support.apple.com/HT209602
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-6203
- CVE-2019-8531
- CVE-2019-8538
- CVE-2019-8534
- CVE-2019-8555
- CVE-2019-6239
- CVE-2019-8516
- CVE-2019-8552
- CVE-2019-8511
- CVE-2019-8542
- CVE-2019-8522
- CVE-2019-8550
- CVE-2019-8777
- CVE-2019-8565
- CVE-2019-8521
- CVE-2019-8906
- CVE-2019-8519
- CVE-2019-8533
- CVE-2019-8545
- CVE-2019-8504
- CVE-2019-8529
- CVE-2018-4448
- CVE-2019-5608
- CVE-2019-8527
- CVE-2019-8528
- CVE-2019-8508
- CVE-2019-8514
- CVE-2019-8540
- CVE-2019-7293
- CVE-2019-6207
- CVE-2019-8510
- CVE-2019-8547
- CVE-2019-8525
- CVE-2018-4433
- CVE-2019-8642
- CVE-2019-8645
- CVE-2019-8546
- CVE-2019-8579
- CVE-2019-8537
- CVE-2019-8561
- CVE-2018-12015
- CVE-2018-18311
- CVE-2018-18313
- CVE-2019-8549
- CVE-2019-8507
- CVE-2019-8618
- CVE-2019-8526
- CVE-2019-8520
- CVE-2019-8502
- CVE-2019-8513
- CVE-2019-8569
- CVE-2019-8517
- CVE-2019-8564
- CVE-2019-8612
- CVE-2019-8567
- CVE-2019-6238
- CVE-2019-8530
- CVE-2019-7286
- CVE-2019-8553
- CVE-2019-8532
- CVE-2019-8548
- CVE-2019-8541
- CVE-2019-8536
- CVE-2019-8544
- CVE-2019-8506
- CVE-2019-8518
- CVE-2019-8558
- CVE-2019-8559
- CVE-2019-8563
- CVE-2019-8638
- CVE-2019-8639
- CVE-2019-7292
- CVE-2019-8551
- CVE-2019-8535
- CVE-2019-6201
- CVE-2019-8523
- CVE-2019-8524
- CVE-2019-8562
- CVE-2019-8515
- CVE-2019-7285
- CVE-2019-8556
- CVE-2019-8503
- CVE-2019-8512
- CVE-2019-7284
- CVE-2019-8566
- CVE-2019-8554
- CVE-2019-6204
- CVE-2019-8505
- CVE-2019-6222
Frequently Asked Questions
What is CVE-2019-8502?
CVE-2019-8502 is a vulnerability that existed in the handling of dictation requests in Siri.
How does CVE-2019-8502 affect Apple devices?
CVE-2019-8502 affected multiple Apple devices, including macOS Mojave, High Sierra, Sierra, iOS, tvOS, and watchOS.
What is the severity of CVE-2019-8502?
CVE-2019-8502 has a severity level of medium, with a CVSS score of 3.3.
How was CVE-2019-8502 fixed?
CVE-2019-8502 was fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, and watchOS 5.2 with improved validation.
Can a malicious application exploit CVE-2019-8502 without user authorization?
Yes, a malicious application could exploit CVE-2019-8502 to initiate a Dictation request without user authorization.
- agent/softwarecombine
- agent/first-publish-date
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/type
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/trending
- vendor/apple
- canonical/apple macos mojave
- canonical/apple high sierra
- canonical/apple sierra
- canonical/apple watchos
- canonical/apple iphone os
- canonical/apple mac os x
- canonical/apple tvos
- canonical/apple ios