First published: Tue Sep 24 2019(Updated: )
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.
Credit: videosdebarraquito videosdebarraquito product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iOS | <13.1 | 13.1 |
Apple iPadOS | <13.1 | 13.1 |
Apple iPadOS | <13.1 | |
Apple iPhone OS | <13.1 | |
Apple watchOS | <6.1 | |
Apple watchOS | <6.1 | 6.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2019-8775 is a vulnerability in VoiceOver on iOS and iPadOS devices that allows a person with physical access to access contacts from the lock screen.
Physical access to the device is required to exploit CVE-2019-8775.
To fix CVE-2019-8775, update your iOS or iPadOS device to version 13.1 or later.
CVE-2019-8775 has a severity rating of 2.4 (low).
You can find more information about CVE-2019-8775 on the Apple support page: <a href="https://support.apple.com/HT210603">https://support.apple.com/HT210603</a>