CVE-2019-8566: Input Validation

Q: What is CVE-2019-8566?

CVE-2019-8566 is a vulnerability that exists in the handling of microphone data in iOS 12.2 and earlier.

Q: How severe is CVE-2019-8566?

CVE-2019-8566 has a severity value of 3.3, which is considered medium.

Q: How can a malicious application exploit CVE-2019-8566?

A malicious application can exploit CVE-2019-8566 to access the microphone without indication to the user.

Q: How can I fix CVE-2019-8566?

CVE-2019-8566 is fixed in iOS 12.2, so updating to the latest version of iOS will address the vulnerability.

Q: Where can I find more information about CVE-2019-8566?

You can find more information about CVE-2019-8566 on Apple's support page: [https://support.apple.com/HT209599](https://support.apple.com/HT209599)

Published Mar 25, 2019

Updated

ReplayKit. An API issue existed in the handling of microphone data. This issue was addressed with improved validation.

Other sources

An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicious application may be able to access the microphone without indication to the user.

Credit

an anonymous researcher

Affected Software

2 affected componentsFixes available

Apple iOS and iPadOS<12.2

12.2

iPhone OS<12.2

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT209599

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2019-8566?

CVE-2019-8566 is a vulnerability that exists in the handling of microphone data in iOS 12.2 and earlier.

How severe is CVE-2019-8566?