First published: Mon Jul 22 2019(Updated: )
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.
Credit: Luke Deshotels Jordan Beichler William Enck North Carolina State UniversityRăzvan Deaconescu University POLITEHNICA of BucharestLuke Deshotels Jordan Beichler William Enck North Carolina State UniversityRăzvan Deaconescu University POLITEHNICA of Bucharest product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPhone OS | <12.4 | |
Apple tvOS | <12.4 | |
Apple tvOS | <12.4 | 12.4 |
Apple iOS | <12.4 | 12.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2019-8698 is a vulnerability related to a validation issue in the entitlement verification in Apple iOS and tvOS.
The severity of CVE-2019-8698 is medium, with a severity value of 3.3.
CVE-2019-8698 can allow a malicious application to restrict access to websites on affected Apple iOS and tvOS devices.
CVE-2019-8698 was fixed in iOS 12.4 and tvOS 12.4 through improved validation of the process entitlement.
More information about CVE-2019-8698 can be found at the following references: [link1](https://support.apple.com/en-us/HT210351), [link2](https://support.apple.com/HT210346), [link3](https://support.apple.com/HT210351).