CVE-2019-8640: Input Validation

Q: What is the vulnerability ID?

The vulnerability ID is CVE-2019-8640.

Q: What is the severity of CVE-2019-8640?

The severity of CVE-2019-8640 is high with a CVSS score of 7.5.

Q: What is the affected software?

The affected software includes macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, and Security Update 2019-003 Sierra.

Q: How can the vulnerability be fixed?

The vulnerability can be fixed by updating to macOS Mojave 10.14.5, or applying Security Update 2019-003 for High Sierra or Sierra.

Q: What is the description of CVE-2019-8640?

CVE-2019-8640 is a logic issue in Archive Utility that was addressed with improved validation. A sandboxed process may be able to circumvent sandbox restrictions.

Published May 13, 2019

Updated

Archive Utility. A logic issue was addressed with improved validation.

Other sources

A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra. A sandboxed process may be able to circumvent sandbox restrictions.

Credit

Ash Fox(Fitbit Product Security)

Affected Software

4 affected componentsFixes available

Apple macOS Mojave<10.14.5

10.14.5

Apple High Sierra

Apple Sierra

Apple iOS and macOS<10.14.5

Event History

Oct 27, 2020

CVE Published

via MITRE·07:38 PM

Data Sourced

via MITRE·07:38 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT210119

Frequently Asked Questions

What is the vulnerability ID?

The vulnerability ID is CVE-2019-8640.

What is the severity of CVE-2019-8640?

The severity of CVE-2019-8640 is high with a CVSS score of 7.5.

What is the affected software?

The affected software includes macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, and Security Update 2019-003 Sierra.

How can the vulnerability be fixed?