CVE-2019-8828

7.8 HIGH

📋 TL;DR

This is a memory corruption vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileges. It affects iOS, iPadOS, watchOS, macOS, and tvOS. Attackers could gain complete control over affected devices.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • watchOS
  • macOS
  • tvOS
Versions: Versions prior to iOS 13.3, iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra, tvOS 13.3
Operating Systems: Apple iOS, Apple iPadOS, Apple watchOS, Apple macOS, Apple tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations are vulnerable. Requires malicious application execution.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with kernel-level persistence, data theft, and ability to install backdoors or ransomware.

🟠

Likely Case

Privilege escalation leading to data exfiltration, surveillance, or installation of malicious software.

🟢

If Mitigated

Limited impact if devices are fully patched and have proper application sandboxing enforced.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to install/execute malicious application. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.3, iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra, tvOS 13.3

Vendor Advisory: https://support.apple.com/en-us/HT210785

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS.
2. Install available updates.
3. For macOS, go to Apple menu > System Preferences > Software Update.
4. Install all security updates.
5. Restart device after installation.

🔧 Temporary Workarounds

Application Restriction (applies to: all)

Restrict installation of applications from untrusted sources

🧯 If You Can't Patch

  • Implement strict application whitelisting policies
  • Deploy endpoint detection and response (EDR) solutions to monitor for suspicious kernel activity

🔍 How to Verify

Check if Vulnerable:

Check OS version against affected versions list. On iOS/iPadOS: Settings > General > About > Version. On macOS: Apple menu > About This Mac.

Check Version:

iOS/iPadOS/watchOS/tvOS: Settings > General > About. macOS: sw_vers

Verify Fix Applied:

Verify that the OS version matches or exceeds the patched versions listed in the Official Fix section. Note that for Mojave and High Sierra the fix ships as a Security Update rather than a new OS version, so the installed security updates must be checked as well.
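As an added example (not from this advisory), a POSIX shell helper that classifies the macOS version reported by `sw_vers` against the fix versions above. The `softwareupdate --history` lookup for Mojave and High Sierra is an assumption about how installed Security Updates are listed.

```shell
#!/bin/sh
# Added example for CVE-2019-8828 (not part of the advisory).
# Catalina is fixed at 10.15.2; Mojave (10.14) and High Sierra (10.13)
# are fixed by a Security Update that does not change sw_vers output.

# Compare two dotted version strings; prints -1, 0 or 1.
vercmp() {
  a="$1" b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    if [ "$a" = "$ai" ]; then a=""; else a=${a#*.}; fi
    if [ "$b" = "$bi" ]; then b=""; else b=${b#*.}; fi
    ai=${ai:-0}; bi=${bi:-0}
    if [ "$ai" -lt "$bi" ]; then echo -1; return; fi
    if [ "$ai" -gt "$bi" ]; then echo 1; return; fi
  done
  echo 0
}

# Prints: patched, vulnerable, check-security-update, or out-of-scope
# (out-of-scope = a version the advisory does not list; an assumption).
cve_2019_8828_status() {
  v="$1"
  case "$v" in
    10.15|10.15.*)
      if [ "$(vercmp "$v" 10.15.2)" -ge 0 ]; then echo patched
      else echo vulnerable; fi ;;
    10.14|10.14.*|10.13|10.13.*) echo check-security-update ;;
    *)
      if [ "$(vercmp "$v" 10.15.2)" -gt 0 ]; then echo patched
      else echo out-of-scope; fi ;;
  esac
}

# Host check: only meaningful on macOS (sw_vers is macOS-only).
if [ "$(uname 2>/dev/null)" = Darwin ]; then
  ver=$(sw_vers -productVersion)
  status=$(cve_2019_8828_status "$ver")
  echo "macOS $ver: $status"
  if [ "$status" = check-security-update ]; then
    # Assumption: installed Security Updates appear in the update history.
    softwareupdate --history 2>/dev/null \
      | grep -E "Security Update 2019-00(2|7)" \
      || echo "Security Update 2019-002/2019-007 not found in history"
  fi
fi
```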

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel extensions loading
  • Processes running with elevated privileges unexpectedly
  • System integrity protection (SIP) violations

Network Indicators:

  • Unusual outbound connections from system processes
  • DNS requests to suspicious domains from kernel space

SIEM Query:

process.parent.name:kernel AND (process.name:sh OR process.name:bash)

🔗 References
