CVE-2019-8857: Input Validation

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2019-8857.

Q: What is the severity of CVE-2019-8857?

The severity of CVE-2019-8857 is low.

Q: How does the issue in CVE-2019-8857 affect iCloud links?

The issue in CVE-2019-8857 allows Live Photo audio and video data to be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.

Q: How was the issue in CVE-2019-8857 fixed?

The issue in CVE-2019-8857 was fixed with improved validation when an iCloud Link is created in iOS 13.3 and iPadOS 13.3.

Q: Where can I find more information about CVE-2019-8857?

You can find more information about CVE-2019-8857 on the official Apple support page: https://support.apple.com/en-us/HT210785

Published Dec 10, 2019

Updated

Photos. The issue was addressed with improved validation when an iCloud Link is created.

Other sources

The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.

Credit

Tor Bruce

Affected Software

4 affected componentsFixes available

Apple iOS and iPadOS<13.3

13.3

Apple iOS, iPadOS, and macOS<13.3

13.3

Apple iOS, iPadOS, and macOS<13.3

iPhone OS<13.3

Event History

Oct 27, 2020

CVE Published

via MITRE·08:07 PM

Data Sourced

via MITRE·08:07 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT210785

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2019-8857.

What is the severity of CVE-2019-8857?