What is the severity of CVE-2019-8900?

The severity of CVE-2019-8900 is high due to its potential to allow arbitrary code execution with physical access.

How do I fix CVE-2019-8900?

To fix CVE-2019-8900, ensure your affected Apple devices are updated to the latest firmware version provided by Apple.

What devices are affected by CVE-2019-8900?

CVE-2019-8900 affects certain Apple devices that utilize the SecureROM, specifically those that are subject to physical access.

Can CVE-2019-8900 be exploited remotely?

No, CVE-2019-8900 requires an unauthenticated local attacker to have physical access to the device to exploit it.

What type of vulnerability is CVE-2019-8900 classified as?

CVE-2019-8900 is classified as a local privilege escalation vulnerability.

Vulnerability/
CVE-2019-8900

medium

6.8

CWE

21/2/2025

22/2/2025

CVE-2019-8900: Code Injection

First published: Fri Feb 21 2025(Updated: )

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. This vulnerability allows arbitrary code to be executed on the device. Exploiting the vulnerability requires physical access to the device: the device must be plugged in to a computer upon booting, and it must be put into Device Firmware Update (DFU) mode. The exploit is not persistent; rebooting the device overrides any changes to the device's software that were made during an exploited session on the device. Additionally, unless an attacker has access to the device's unlock PIN or fingerprint, an attacker cannot gain access to information protected by Apple's Secure Enclave or Touch ID features.

Credit: product-security@apple.com

Affected Software	Affected Version	How to fix
Apple SecureROM

Never miss a vulnerability like this again

Reference Links

https://www.kb.cert.org/vuls/id/941987

Frequently Asked Questions

What is the severity of CVE-2019-8900?
The severity of CVE-2019-8900 is high due to its potential to allow arbitrary code execution with physical access.
How do I fix CVE-2019-8900?
To fix CVE-2019-8900, ensure your affected Apple devices are updated to the latest firmware version provided by Apple.
What devices are affected by CVE-2019-8900?
CVE-2019-8900 affects certain Apple devices that utilize the SecureROM, specifically those that are subject to physical access.
Can CVE-2019-8900 be exploited remotely?
No, CVE-2019-8900 requires an unauthenticated local attacker to have physical access to the device to exploit it.
What type of vulnerability is CVE-2019-8900 classified as?
CVE-2019-8900 is classified as a local privilege escalation vulnerability.

collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/source
agent/type
agent/description
agent/first-publish-date
collector/nvd-api
source/NVD
agent/softwarecombine
agent/weakness
agent/severity
agent/last-modified-date
agent/event
agent/tags
agent/guess-ai
agent/software-canonical-lookup
vendor/apple
canonical/apple securerom

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.