CVE-2019-8786

7.8 HIGH

📋 TL;DR

CVE-2019-8786 is a memory corruption vulnerability in Apple operating systems that allows applications to execute arbitrary code with kernel privileges. This affects iOS, iPadOS, macOS, tvOS, and watchOS before specific patched versions. Successful exploitation gives attackers complete control over affected devices.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • tvOS
  • watchOS
Versions: Versions before iOS 13.2, iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1
Operating Systems: Apple iOS, Apple iPadOS, Apple macOS, Apple tvOS, Apple watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected versions are vulnerable by default. No special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise with kernel-level persistence, data theft, and the ability to bypass all security controls.

🟠 Likely Case: Malicious apps gaining full system access to install backdoors, steal credentials, and monitor user activity.

🟢 If Mitigated: Limited impact if devices are fully patched and app installation is restricted to trusted sources only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires a malicious application to be installed and executed on the target device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.2, iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1

Vendor Advisory: https://support.apple.com/HT210721

Restart Required: Yes

Instructions:

1. Open the Settings app.
2. Go to General > Software Update.
3. Download and install the latest available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation (applies to: all)

Only allow installation of apps from trusted sources such as the App Store.

Settings > General > Device Management > Trust Enterprise Developer (for enterprise devices only)

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement strict application allowlisting policies

🔍 How to Verify

Check if Vulnerable:

Check device version in Settings > General > About > Version

Check Version:

Settings > General > About > Version (iOS/iPadOS/watchOS) or About This Mac > Overview (macOS)

Verify Fix Applied:

Verify version is equal to or greater than: iOS 13.2, iPadOS 13.2, macOS 10.15.1, tvOS 13.2, watchOS 6.1
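The version comparison described above, as an added example that is not part of the original advisory: a POSIX shell script that takes a platform label and an installed version string and reports whether the version is at or above the first patched release listed on this page. The platform labels (ios, ipados, macos, tvos, watchos) and the script name are this example's own assumptions; the minimum versions are the ones the advisory states. The numeric comparison generalizes to any dotted version string, so 13.2 and 13.2.0 compare equal.

```shell
#!/bin/sh
# Added example, not part of the advisory: decide whether an installed Apple OS
# version is at or above the first version patched for CVE-2019-8786.
# Minimum versions come from the advisory; platform labels are this script's own.

# First patched version per platform (values from the advisory).
min_patched_version() {
  case "$1" in
    ios|ipados|tvos) printf '%s\n' 13.2 ;;
    macos)           printf '%s\n' 10.15.1 ;;
    watchos)         printf '%s\n' 6.1 ;;
    *)               return 1 ;;
  esac
}

# Compare two dotted version strings numerically, component by component.
# Prints -1, 0 or 1. Missing trailing components count as 0, so 13.2 == 13.2.0.
# Non-numeric characters (e.g. a "beta" suffix) are stripped before comparing.
version_cmp() {
  a="$(printf '%s' "$1" | tr -cd '0-9.')."
  b="$(printf '%s' "$2" | tr -cd '0-9.')."
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; a=${a#*.}
    y=${b%%.*}; b=${b#*.}
    x=${x:-0}; y=${y:-0}
    if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return 0; fi
    if [ "$x" -gt "$y" ]; then printf '%s\n' 1;  return 0; fi
  done
  printf '%s\n' 0
}

# Exit 0 when the installed version is patched, 1 when it is still in the
# affected range, 2 for an unknown platform label.
is_patched() {
  need=$(min_patched_version "$1") || { echo "unknown platform: $1" >&2; return 2; }
  [ "$(version_cmp "$2" "$need")" -ge 0 ]
}

# Usage: sh check_cve_2019_8786.sh <ios|ipados|macos|tvos|watchos> <version>
# On a Mac: sh check_cve_2019_8786.sh macos "$(sw_vers -productVersion)"
main() {
  [ $# -eq 2 ] || { echo "usage: $0 <platform> <version>" >&2; return 2; }
  is_patched "$1" "$2"; rc=$?
  case $rc in
    0) echo "$1 $2: patched for CVE-2019-8786 (>= $(min_patched_version "$1"))" ;;
    1) echo "$1 $2: VULNERABLE, update to $(min_patched_version "$1") or later" ;;
  esac
  return $rc
}

# Only run the command-line entry point when arguments are supplied.
[ $# -eq 0 ] || main "$@"
```

The exit code is what a fleet inventory script would consume: run it over each device's reported version and collect the non-zero results as the list still needing the update.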

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected process execution with elevated privileges
  • Memory access violation logs

Network Indicators:

  • Unusual outbound connections from system processes
  • Suspicious network activity from kernel-level components

SIEM Query:

source="apple_system_logs" AND (event="kernel_panic" OR (process="kernel_task" AND action="unexpected_execution"))
