First published: Mon Mar 25 2019(Updated: )
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.
Credit: product-security@apple.com Colin Meginnis @falc420
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Mac OS X | <10.14.4 | |
Apple macOS Mojave | <10.14.4 | 10.14.4 |
Apple High Sierra | ||
Apple Sierra |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID for this issue is CVE-2019-8522.
The severity of CVE-2019-8522 is medium, with a severity value of 5.5.
The affected software for CVE-2019-8522 is Apple Mac OS X, Apple macOS Mojave (up to version 10.14.4), Apple High Sierra, and Apple Sierra.
CVE-2019-8522 allows an encrypted volume to be unmounted and remounted by a different user without prompting for the password.
CVE-2019-8522 can be fixed by updating the system to macOS Mojave 10.14.4 or later.