CVE-2019-8746: Input Validation
First published: Thu Sep 19 2019(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Credit: natashenka Samuel Groß Google Project ZeroSamuel Groß natashenka Google Project Zeronatashenka Samuel Groß Google Project Zeronatashenka Samuel Groß Google Project Zeronatashenka Samuel Groß Google Project Zeronatashenka Samuel Groß Google Project Zeronatashenka Samuel Groß Google Project Zeronatashenka Samuel Groß Google Project Zeronatashenka Samuel Groß Google Project Zero product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iTunes for Windows | <12.10.1 | 12.10.1 |
| Apple iCloud for Windows | <7.14 | 7.14 |
| Apple iCloud for Windows | <10.7 | 10.7 |
| Apple macOS Catalina | <10.15 | 10.15 |
| Apple macOS Catalina | <10.15.1 | 10.15.1 |
| Apple watchOS | <6 | 6 |
| Apple tvOS | <13 | 13 |
| Apple iOS | <13 | 13 |
| Apple Icloud Windows | <7.14 | |
| Apple Icloud Windows | >=10.0<10.7 | |
| Apple Itunes Windows | <12.10.1 | |
| Apple iPhone OS | <13.1 | |
| Apple Mac OS X | <10.15 | |
| Apple tvOS | <13 | |
| Apple watchOS | <6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT210604 (Advisory)
- https://support.apple.com/en-us/HT210606 (Advisory)
- https://support.apple.com/en-us/HT210607 (Advisory)
- https://support.apple.com/en-us/HT210634 (Advisory)
- https://support.apple.com/en-us/HT210635 (Advisory)
- https://support.apple.com/en-us/HT210636 (Advisory)
- https://support.apple.com/en-us/HT210637 (Advisory)
- https://support.apple.com/en-us/HT210722 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8741
- CVE-2019-8825
- CVE-2019-8746
- CVE-2019-8749
- CVE-2019-8756
- CVE-2019-8750
- CVE-2019-8745
- CVE-2019-8625
- CVE-2019-8719
- CVE-2019-8764
- CVE-2019-8707
- CVE-2019-8710
- CVE-2019-8726
- CVE-2019-8728
- CVE-2019-8733
- CVE-2019-8734
- CVE-2019-8735
- CVE-2019-8743
- CVE-2019-8751
- CVE-2019-8752
- CVE-2019-8763
- CVE-2019-8765
- CVE-2019-8766
- CVE-2019-8773
- CVE-2019-8762
- CVE-2019-8748
- CVE-2019-11041
- CVE-2019-11042
- CVE-2019-8706
- CVE-2019-8850
- CVE-2019-8774
- CVE-2019-8753
- CVE-2019-8705
- CVE-2019-8592
- CVE-2019-8757
- CVE-2019-8736
- CVE-2019-8767
- CVE-2019-8737
- CVE-2019-8776
- CVE-2019-8509
- CVE-2018-12152
- CVE-2018-12153
- CVE-2018-12154
- CVE-2019-8759
- CVE-2019-8758
- CVE-2019-8755
- CVE-2019-8703
- CVE-2019-8809
- CVE-2019-8744
- CVE-2019-8717
- CVE-2019-8709
- CVE-2019-8781
- CVE-2019-8799
- CVE-2019-8826
- CVE-2019-8730
- CVE-2019-8772
- CVE-2019-8708
- CVE-2019-8715
- CVE-2019-8855
- CVE-2019-8770
- CVE-2019-8701
- CVE-2019-8761
- CVE-2019-8831
- CVE-2019-8769
- CVE-2019-8768
- CVE-2019-8854
- CVE-2019-8787
- CVE-2019-8796
- CVE-2019-8824
- CVE-2019-8803
- CVE-2019-8817
- CVE-2019-8716
- CVE-2019-8788
- CVE-2019-8785
- CVE-2019-8797
- CVE-2019-8789
- CVE-2017-7152
- CVE-2019-8798
- CVE-2019-8784
- CVE-2019-8807
- CVE-2019-8801
- CVE-2019-8794
- CVE-2019-8786
- CVE-2019-8829
- CVE-2019-8802
- CVE-2019-8858
- CVE-2019-8805
- CVE-2019-8754
- CVE-2019-15126
- CVE-2019-8718
- CVE-2019-8740
- CVE-2019-8712
- CVE-2019-8747
- CVE-2019-8780
- CVE-2019-8704
- CVE-2020-9932
- CVE-2019-8711
- CVE-2019-8732
- CVE-2019-8760
- CVE-2019-8641
- CVE-2019-8742
- CVE-2019-8731
- CVE-2019-8727
- CVE-2019-8771
- CVE-2019-8674
Frequently Asked Questions
What is CVE-2019-8746?
CVE-2019-8746 is a vulnerability in Foundation that allows for an out-of-bounds read due to improved input validation.
How severe is CVE-2019-8746?
CVE-2019-8746 has a severity rating of 9.8 (Critical).
What software versions are affected by CVE-2019-8746?
CVE-2019-8746 affects macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, Security Update 2019-006, watchOS 6, and iTunes 12.10.1 for Windows.
How can I fix CVE-2019-8746?
To fix CVE-2019-8746, update your software to macOS Catalina 10.15.1, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, Security Update 2019-006, watchOS 6, or iTunes 12.10.1 for Windows.
Where can I find more information about CVE-2019-8746?
You can find more information about CVE-2019-8746 on the Apple support website: [link](https://support.apple.com/en-us/HT210722).
- collector/apple-support
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/software-canonical-lookup-request
- alias/CVE-2019-8746
- agent/event
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- collector/nvd-index
- vendor/apple
- canonical/apple itunes for windows
- canonical/apple icloud for windows
- canonical/apple macos catalina
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- canonical/apple icloud windows
- version/apple icloud windows/10.0
- canonical/apple itunes windows
- canonical/apple iphone os
- canonical/apple mac os x