BID:106724

Apple iTunes/macOS/tvOS/watchOS/iOS CVE-2019-6235 Memory Corruption Vulnerability

CVE-2019-6235 |

Info

Apple iTunes/macOS/tvOS/watchOS/iOS CVE-2019-6235 Memory Corruption Vulnerability

Bugtraq ID:	106724
Class:	Unknown
CVE:	CVE-2019-6235
Remote:	Yes
Local:	No
Published:	Jan 24 2019 12:00AM
Updated:	Jan 24 2019 12:00AM
Credit:	Brandon Azad
Vulnerable:	eSignal eSignal 6.0.2 Apple watchOS 10.1.1 Apple watchOS 5.1.2 Apple watchOS 4.3.2 Apple watchOS 4.3.1 Apple watchOS 3.1.3 Apple watchOS 3.1.1 Apple watchOS 2.2.2 Apple watchOS 2.2.1 Apple watchOS 2.0.1 Apple watchOS 1.0.1 Apple watchOS 5 Apple watchOS 4.3 Apple watchOS 4.2.3 Apple watchOS 4.2.2 Apple watchOS 4.2 Apple watchOS 4.1 Apple watchOS 4 Apple watchOS 3.2.3 Apple watchOS 3.2.2 Apple watchOS 3.2.1 Apple watchOS 3.2 Apple watchOS 3.1 Apple watchOS 3.0 Apple watchOS 3 Apple watchOS 2.2 Apple watchOS 2.1 Apple watchOS 2.0 Apple watchOS 1.0 Apple watchOS 0 Apple tvOS 12.1.1 Apple tvOS 11.4.1 Apple tvOS 11.2.6 Apple tvOS 11.2.5 Apple tvOS 10.1.1 Apple tvOS 10.0.1 Apple tvOS 9.2.2 Apple tvOS 9.2.1 Apple tvOS 9.1.1 Apple tvOS 9.2 Apple tvOS 9.1 Apple tvOS 9.0 Apple tvOS 12 Apple tvOS 11.4 Apple tvOS 11.2.1 Apple tvOS 11.2 Apple tvOS 11.1 Apple tvOS 11 Apple tvOS 10.2.2 Apple tvOS 10.2.1 Apple tvOS 10.2 Apple tvOS 10.1 Apple tvOS 10 Apple tvOS 0 Apple macOS 10.14.2 Apple iTunes 12.9.2 Apple iTunes 12.7.5 Apple iTunes 12.7.4 Apple iTunes 12.7.3 Apple iTunes 12.6.2 Apple iTunes 12.5.5 Apple iTunes 12.5.1 Apple iTunes 12.4.2 Apple iTunes 12.3.2 Apple iTunes 12.3.1 Apple iTunes 11.2.1 Apple iTunes 11.1.5 Apple iTunes 11.1.4 Apple iTunes 11.1.3 Apple iTunes 11.1.2 Apple iTunes 11.1.1 Apple iTunes 11.0.5 Apple iTunes 11.0.4 Apple iTunes 11.0.2 Apple iTunes 10.6.3 Apple iTunes 10.6.1 Apple iTunes 10.5.1 Apple iTunes 10.1.2 Apple iTunes 9.2.1 Apple iTunes 9.0.2 Apple iTunes 9.0.1 Apple iTunes 9.0 Apple iTunes 7.3.2 Apple iTunes 7.3.1 Apple iTunes 7.3 Apple iTunes 7.0.2 Apple iTunes 6.0.5 Apple iTunes 6.0.4 Apple iTunes 6.0.3 Apple iTunes 6.0.1 Apple iTunes 6.0 Apple iTunes 5.0 Apple iTunes 4.8 Apple iTunes 4.7.1 Apple iTunes 4.7 Apple iTunes 4.6 Apple iTunes 4.5 Apple iTunes 9.2 Apple iTunes 9.1.1 Apple iTunes 9.1 Apple iTunes 9.0.3 Apple iTunes 8.2 Apple iTunes 8.1 Apple iTunes 8.0.2.20 Apple iTunes 8.0 Apple iTunes 12.8 Apple iTunes 12.7.2 Apple iTunes 12.7 Apple iTunes 12.6 Apple iTunes 12.5.4 Apple iTunes 12.5.2 Apple iTunes 12.4 Apple iTunes 12.3 Apple iTunes 12.2 Apple iTunes 12.0.1 Apple iTunes 11.2 Apple iTunes 11.1 Apple iTunes 11.0.3 Apple iTunes 11.0.1 Apple iTunes 11.0 Apple iTunes 10.7 Apple iTunes 10.6.1.7 Apple iTunes 10.6 Apple iTunes 10.5.3 Apple iTunes 10.5.2 Apple iTunes 10.5.1.42 Apple iTunes 10.5 Apple iTunes 10.4.1.10 Apple iTunes 10.4.1 Apple iTunes 10.4.0.80 Apple iTunes 10.4 Apple iTunes 10.3.1 Apple iTunes 10.3 Apple iTunes 10.2.2.12 Apple iTunes 10.2.2 Apple iTunes 10.2 Apple iTunes 10.1.1.4 Apple iTunes 10.1.1 Apple iTunes 10.1 Apple iTunes 10.0.1 Apple iTunes 10 Apple iPod Touch 0 Apple iPhone 0 Apple iPad Air 0 Apple iOS 5 0 Apple iOS 4 0 Apple iOS 3 0 Apple iOS 12.1.1 Apple iOS 12.0.1 Apple iOS 11.4.1 Apple iOS 10.2.1 Apple iOS 10.0.1 Apple iOS 9.3.4 Apple iOS 9.3.3 Apple iOS 9.3.2 Apple iOS 9.3.1 Apple iOS 9.2.1 Apple iOS 9.0.2 Apple iOS 9.0.1 Apple iOS 8.4.1 Apple iOS 7.2 Apple iOS 7.0.6 Apple iOS 7.0.5 Apple iOS 7.0.3 Apple iOS 7.0.2 Apple iOS 7.0.1 Apple iOS 6.3.1 Apple iOS 6.1.6 Apple iOS 6.1.4 Apple iOS 6.1.3 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 9.3.5 Apple iOS 9.3 Apple iOS 9.2 Apple iOS 9.1 Apple iOS 9 Apple iOS 8.4 Apple iOS 8.3 Apple iOS 8.2 Apple iOS 8.1.3 Apple iOS 8.1.2 Apple iOS 8.1.1 Apple iOS 8.1 Apple iOS 8 Apple iOS 7.1.2 Apple iOS 7.1.1 Apple iOS 7.1 Apple iOS 7.0.4 Apple iOS 7 Apple iOS 6.1 Apple iOS 6.0.2 Apple iOS 6.0.1 Apple iOS 6 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 Apple iOS 12.1 Apple iOS 12 Apple iOS 11.4 Apple iOS 11.3.1 Apple iOS 11.3 Apple iOS 11.2.6 Apple iOS 11.2.5 Apple iOS 11.2.2 Apple iOS 11.2.1 Apple iOS 11.2 Apple iOS 11.1 Apple iOS 11 Apple iOS 10.3.3 Apple iOS 10.3.2 Apple iOS 10.3.1 Apple iOS 10.3 Apple iOS 10.2 Apple iOS 10.1 Apple iOS 10 Apple iOS 0

Not Vulnerable:	Apple watchOS 5.1.3 Apple tvOS 12.1.2 Apple macOS 10.14.3 Apple macOS Security Update 2019 Apple macOS Security Update 2019 Apple iTunes 12.9.3 Apple iOS 12.1.3

Discussion

Apple iTunes/macOS/tvOS/watchOS/iOS CVE-2019-6235 Memory Corruption Vulnerability

Apple iTunes/macOS/tvOS/watchOS/iOS are prone to a memory-corruption vulnerability.

An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions.

Exploit / POC

Apple iTunes/macOS/tvOS/watchOS/iOS CVE-2019-6235 Memory Corruption Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Apple iTunes/macOS/tvOS/watchOS/iOS CVE-2019-6235 Memory Corruption Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Apple iTunes/macOS/tvOS/watchOS/iOS CVE-2019-6235 Memory Corruption Vulnerability

References:

About the security content of iOS 12.1.3 (Apple)
About the security content of iTunes 12.9.3 for Windows (Apple)
About the security content of macOS Mojave 10.14.3, Security Update 2019-001 Hig (Apple)
About the security content of tvOS 12.1.2 (Apple)
About the security content of watchOS 5.1.3 (Apple)
Apple Home Page (Apple)