CVE-2019-8746: Input Validation
First published: Thu Sep 19 2019(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Credit: natashenka Samuel Groß Google Project ZeroSamuel Groß natashenka Google Project Zero product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tvOS | <13 | 13 |
| macOS Catalina | <10.15 | 10.15 |
| macOS Catalina | <10.15.1 | 10.15.1 |
| Apple iOS, iPadOS, and watchOS | <13 | 13 |
| Apple iOS, iPadOS, and watchOS | <6 | 6 |
| Apple iCloud | <10.7 | 10.7 |
| Apple iCloud | <7.14 | 7.14 |
| Apple iTunes | <12.10.1 | 12.10.1 |
| Apple iCloud for Windows | <7.14 | |
| Apple iCloud for Windows | >=10.0<10.7 | |
| Apple iTunes for Windows | <12.10.1 | |
| iStyle @cosme iPhone OS | <13.1 | |
| Apple iOS and macOS | <10.15 | |
| tvOS | <13 | |
| Apple iOS, iPadOS, and watchOS | <6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT210604 (Advisory)
- https://support.apple.com/en-us/HT210606 (Advisory)
- https://support.apple.com/en-us/HT210607 (Advisory)
- https://support.apple.com/en-us/HT210634 (Advisory)
- https://support.apple.com/en-us/HT210635 (Advisory)
- https://support.apple.com/en-us/HT210636 (Advisory)
- https://support.apple.com/en-us/HT210637 (Advisory)
- https://support.apple.com/en-us/HT210722 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8747
- CVE-2019-8706
- CVE-2019-8850
- CVE-2019-8753
- CVE-2019-8592
- CVE-2019-8741
- CVE-2019-8705
- CVE-2019-8746
- CVE-2019-8718
- CVE-2019-8703
- CVE-2019-8740
- CVE-2019-8809
- CVE-2019-8712
- CVE-2019-8744
- CVE-2019-8709
- CVE-2019-8717
- CVE-2019-8780
- CVE-2019-8704
- CVE-2019-8749
- CVE-2019-8756
- CVE-2019-8750
- CVE-2019-8799
- CVE-2019-8745
- CVE-2019-8831
- CVE-2019-8625
- CVE-2019-8719
- CVE-2019-8764
- CVE-2019-8707
- CVE-2019-8710
- CVE-2019-8726
- CVE-2019-8728
- CVE-2019-8733
- CVE-2019-8734
- CVE-2019-8735
- CVE-2019-8743
- CVE-2019-8751
- CVE-2019-8752
- CVE-2019-8763
- CVE-2019-8765
- CVE-2019-8766
- CVE-2019-8773
- CVE-2019-8762
- CVE-2020-9932
- CVE-2019-8854
- CVE-2019-8748
- CVE-2019-11041
- CVE-2019-11042
- CVE-2019-8774
- CVE-2019-8825
- CVE-2019-8757
- CVE-2019-8736
- CVE-2019-8767
- CVE-2019-8737
- CVE-2019-8776
- CVE-2019-8509
- CVE-2018-12152
- CVE-2018-12153
- CVE-2018-12154
- CVE-2019-8759
- CVE-2019-8758
- CVE-2019-8755
- CVE-2019-8781
- CVE-2019-8826
- CVE-2019-8730
- CVE-2019-8772
- CVE-2019-8708
- CVE-2019-8715
- CVE-2019-8855
- CVE-2019-8770
- CVE-2019-8701
- CVE-2019-8761
- CVE-2019-8769
- CVE-2019-8768
- CVE-2019-8787
- CVE-2019-8796
- CVE-2019-8824
- CVE-2019-8803
- CVE-2019-8817
- CVE-2019-8716
- CVE-2019-8788
- CVE-2019-8785
- CVE-2019-8797
- CVE-2019-8789
- CVE-2017-7152
- CVE-2019-8798
- CVE-2019-8784
- CVE-2019-8807
- CVE-2019-8801
- CVE-2019-8794
- CVE-2019-8786
- CVE-2019-8829
- CVE-2019-8802
- CVE-2019-8858
- CVE-2019-8805
- CVE-2019-8754
- CVE-2019-15126
- CVE-2019-8711
- CVE-2019-8732
- CVE-2019-8760
- CVE-2019-8641
- CVE-2019-8742
- CVE-2019-8731
- CVE-2019-8727
- CVE-2019-8771
- CVE-2019-8674
Frequently Asked Questions
What is CVE-2019-8746?
CVE-2019-8746 is a vulnerability in Foundation that allows for an out-of-bounds read due to improved input validation.
How severe is CVE-2019-8746?
CVE-2019-8746 has a severity rating of 9.8 (Critical).
What software versions are affected by CVE-2019-8746?
CVE-2019-8746 affects macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, Security Update 2019-006, watchOS 6, and iTunes 12.10.1 for Windows.
How can I fix CVE-2019-8746?
To fix CVE-2019-8746, update your software to macOS Catalina 10.15.1, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, Security Update 2019-006, watchOS 6, or iTunes 12.10.1 for Windows.
Where can I find more information about CVE-2019-8746?
You can find more information about CVE-2019-8746 on the Apple support website: [link](https://support.apple.com/en-us/HT210722).
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- alias/CVE-2019-8746
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/apple
- canonical/tvos
- canonical/macos catalina
- canonical/apple ios, ipados, and watchos
- canonical/apple icloud
- canonical/apple itunes
- canonical/apple icloud for windows
- version/apple icloud for windows/10.0
- canonical/apple itunes for windows
- canonical/istyle @cosme iphone os
- canonical/apple ios and macos