CVE-2019-8555: Buffer Overflow

Q: What is CVE-2019-8555?

CVE-2019-8555 is a vulnerability in AppleGraphicsControl that allows a malicious application to execute arbitrary code with kernel privileges.

Q: What is the severity of CVE-2019-8555?

CVE-2019-8555 has a severity rating of 7.8, which is considered critical.

Q: How can I fix CVE-2019-8555?

To fix CVE-2019-8555, update to macOS Mojave 10.14.4 or later.

Q: Where can I find more information about CVE-2019-8555?

You can find more information about CVE-2019-8555 on the Apple support page: https://support.apple.com/HT209600

Q: What is the CWE ID for CVE-2019-8555?

The CWE ID for CVE-2019-8555 is 119.

Published Mar 25, 2019

Updated

A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges.

Other sources

AppleGraphicsControl. A buffer overflow was addressed with improved size validation.

Credit

Zhiyi Zhang(360 ESG Codesafe Team), Zhuo Liang, shrek_wzw(Qihoo 360 Nirvan Team)

Affected Software

4 affected componentsFixes available

Apple macOS Mojave<10.14.4

10.14.4

Apple High Sierra

Apple Sierra

Apple iOS and macOS<10.4.4

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT209600

Frequently Asked Questions

What is CVE-2019-8555?

CVE-2019-8555 is a vulnerability in AppleGraphicsControl that allows a malicious application to execute arbitrary code with kernel privileges.

What is the severity of CVE-2019-8555?

CVE-2019-8555 has a severity rating of 7.8, which is considered critical.

How can I fix CVE-2019-8555?

To fix CVE-2019-8555, update to macOS Mojave 10.14.4 or later.

Where can I find more information about CVE-2019-8555?