BID:106695

Apple macOS/tvOS/iOS Multiple Memory Corruption Vulnerabilities

CVE-2019-6205 | CVE-2019-6208 | CVE-2019-6218 | CVE-2019-6225 |

Info

Apple macOS/tvOS/iOS Multiple Memory Corruption Vulnerabilities

Bugtraq ID:	106695
Class:	Unknown
CVE:	CVE-2019-6205 CVE-2019-6208 CVE-2019-6218 CVE-2019-6225
Remote:	Yes
Local:	No
Published:	Jan 22 2019 12:00AM
Updated:	Jan 22 2019 12:00AM
Credit:	Ian Beer of Google Project Zero, Jann Horn of Google Project Zero, and Brandon Azad of Google Project Zero, Qixun Zhao of Qihoo 360 Vulcan Team
Vulnerable:	Apple tvOS 12.1.1 Apple tvOS 11.4.1 Apple tvOS 11.2.6 Apple tvOS 11.2.5 Apple tvOS 10.1.1 Apple tvOS 10.0.1 Apple tvOS 9.2.2 Apple tvOS 9.2.1 Apple tvOS 9.1.1 Apple tvOS 9.2 Apple tvOS 9.1 Apple tvOS 9.0 Apple tvOS 12 Apple tvOS 11.4 Apple tvOS 11.2.1 Apple tvOS 11.2 Apple tvOS 11.1 Apple tvOS 11 Apple tvOS 10.2.2 Apple tvOS 10.2.1 Apple tvOS 10.2 Apple tvOS 10.1 Apple tvOS 10 Apple TV 0 Apple macOS 10.14.2 Apple macOS 10.13.6 Apple macOS 10.12.6 Apple iPod Touch 0 Apple iPhone 0 Apple iPad Air 0 Apple iOS 5 0 Apple iOS 4 0 Apple iOS 3 0 Apple iOS 12.1.1 Apple iOS 12.0.1 Apple iOS 11.4.1 Apple iOS 10.2.1 Apple iOS 10.0.1 Apple iOS 9.3.4 Apple iOS 9.3.3 Apple iOS 9.3.2 Apple iOS 9.3.1 Apple iOS 9.2.1 Apple iOS 9.0.2 Apple iOS 9.0.1 Apple iOS 8.4.1 Apple iOS 7.2 Apple iOS 7.0.6 Apple iOS 7.0.5 Apple iOS 7.0.3 Apple iOS 7.0.2 Apple iOS 7.0.1 Apple iOS 6.3.1 Apple iOS 6.1.6 Apple iOS 6.1.4 Apple iOS 6.1.3 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 9.3.5 Apple iOS 9.3 Apple iOS 9.2 Apple iOS 9.1 Apple iOS 9 Apple iOS 8.4 Apple iOS 8.3 Apple iOS 8.2 Apple iOS 8.1.3 Apple iOS 8.1.2 Apple iOS 8.1.1 Apple iOS 8.1 Apple iOS 8 Apple iOS 7.1.2 Apple iOS 7.1.1 Apple iOS 7.1 Apple iOS 7.0.4 Apple iOS 7 Apple iOS 6.1 Apple iOS 6.0.2 Apple iOS 6.0.1 Apple iOS 6 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 Apple iOS 12.1 Apple iOS 12 Apple iOS 11.4 Apple iOS 11.3.1 Apple iOS 11.3 Apple iOS 11.2.6 Apple iOS 11.2.5 Apple iOS 11.2.2 Apple iOS 11.2.1 Apple iOS 11.2 Apple iOS 11.1 Apple iOS 11 Apple iOS 10.3.3 Apple iOS 10.3.2 Apple iOS 10.3.1 Apple iOS 10.3 Apple iOS 10.2 Apple iOS 10.1 Apple iOS 10

Not Vulnerable:	Apple tvOS 12.1.2 Apple macOS 10.14.3 Apple macOS Security Update 2019 Apple macOS Security Update 2019 Apple iOS 12.1.3

Discussion

Apple macOS/tvOS/iOS Multiple Memory Corruption Vulnerabilities

Apple macOS, TV OS, and iOS are prone to multiple memory-corruption vulnerabilities.

Attackers can exploit these issues to execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition.

Exploit / POC

Apple macOS/tvOS/iOS Multiple Memory Corruption Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Apple macOS/tvOS/iOS Multiple Memory Corruption Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Apple macOS/tvOS/iOS Multiple Memory Corruption Vulnerabilities

References:

Apple Home Page (Apple)
About the security content of iOS 12.1.3 (Apple)
About the security content of macOS Mojave 10.14.3, Security Update 2019-001 Hig (Apple)
About the security content of tvOS 12.1.2 (Apple)
Subject: APPLE-SA-2019-1-22-1 iOS 12.1.3 (Apple)
Subject: APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 Hig (Apple)
Subject: APPLE-SA-2019-1-22-4 tvOS 12.1.2 (Apple)