Apple iPhone XS Max Phone
| Platform Information | https://www.apple.com/kr/iphone-xs/specs/ |
|---|---|
| Search Engine | Search on Google |
| End of Sales | - |
| End of Support | - |
| Wired Connection | - |
| Wireless Connection | Yes |
| Fingerprinting Source | HOSTNAME MAC OUI NIC VENDOR DHCP |
| Added at | Aug 13, 2019 |
| Manufacturer Name | Apple Inc. |
| Homepage | http://www.apple.com/ |
| Headquarters | United States of America |
| Business Status | Ongoing |
| Platform’s Common Vulnerabilities and Exposures (CVE) | ||
|---|---|---|
|
CVE-ID
Severity v3.0
Severity v2.0
Description
|
||
|
No records found.
|
||
| Manufacturer’s Common Vulnerabilities and Exposures (CVE) | ||
|---|---|---|
|
CVE-ID
Severity v3.0
Severity v2.0
Description
|
||
|
CVE-2019-9815
07/23/2019 HIGH
MEDIUM
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
|
||
|
CVE-2019-7963
07/18/2019 MEDIUM
MEDIUM
Adobe Bridge CC version 9.0.2 and earlier versions have an out of bound read vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
|
||
|
CVE-2019-13567
07/12/2019 HIGH
MEDIUM
The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData.
|
||
|
CVE-2019-12579
07/11/2019 HIGH
HIGH
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA Linux/macOS binary openvpn_launcher.64 binary is setuid root. This binary accepts several parameters to update the system configuration. These parameters are passed to operating system commands using a "here" document. The parameters are not sanitized, which allow for arbitrary commands to be injected using shell metacharacters. A local unprivileged user can pass special crafted parameters that will be interpolated by the operating system calls.
|
||
|
CVE-2019-12577
07/11/2019 HIGH
HIGH
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The macOS binary openvpn_launcher.64 is setuid root. This binary creates /tmp/pia_upscript.sh when executed. Because the file creation mask (umask) is not reset, the umask value is inherited from the calling process. This value can be manipulated to cause the privileged binary to create files with world writable permissions. A local unprivileged user can modify /tmp/pia_upscript.sh during the connect process to execute arbitrary code as the root user.
|
||