CVE-2019-8606: Race Condition

Q: What is the severity of CVE-2019-8606?

The severity of CVE-2019-8606 is high.

Q: How does CVE-2019-8606 impact macOS Mojave?

CVE-2019-8606 allows a local user to load unsigned kernel extensions in macOS Mojave.

Q: How can I fix CVE-2019-8606?

To fix CVE-2019-8606, update your macOS Mojave to version 10.14.5 or later.

Q: What are the affected software versions of CVE-2019-8606?

CVE-2019-8606 affects macOS Mojave 10.14.5 and earlier.

Q: What is the Common Weakness Enumeration ID of CVE-2019-8606?

The Common Weakness Enumeration ID of CVE-2019-8606 is CWE-362.

Published May 13, 2019

Updated

IOKit. A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

Other sources

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.5. A local user may be able to load unsigned kernel extensions.

Credit

Phoenhex, qwerty@@_niklasb, @@qwertyoruiopz, @@bkth_(Trend Micro)

Affected Software

4 affected componentsFixes available

Apple macOS Mojave<10.14.5

10.14.5

Apple High Sierra

Apple Sierra

Apple iOS and macOS<10.14.5

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT210119

Frequently Asked Questions

What is the severity of CVE-2019-8606?

The severity of CVE-2019-8606 is high.

How does CVE-2019-8606 impact macOS Mojave?

CVE-2019-8606 allows a local user to load unsigned kernel extensions in macOS Mojave.

How can I fix CVE-2019-8606?

To fix CVE-2019-8606, update your macOS Mojave to version 10.14.5 or later.

What are the affected software versions of CVE-2019-8606?