CVE-2019-7288 - OpenCVE

The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos .

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Mac Os X

Configuration 1 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/HT209520
https://support.apple.com/en-us/HT209521

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2020-10-27T19:23:12

Updated: 2024-08-04T20:46:45.919Z

Reserved: 2019-01-31T00:00:00

Link: CVE-2019-7288

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-10-27T20:15:14.500

Modified: 2020-10-30T20:15:27.923

Link: CVE-2019-7288

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "12.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "10.14", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos ."}], "problemTypes": [{"descriptions": [{"description": "A thorough security audit of the FaceTime service uncovered an issue with Live Photos\u00a0", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-27T19:23:12", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT209520"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT209521"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-7288", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS", "version": {"version_data": [{"version_affected": "<", "version_value": "12.1"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "10.14"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos ."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A thorough security audit of the FaceTime service uncovered an issue with Live Photos\u00a0"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT209520", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT209520"}, {"name": "https://support.apple.com/en-us/HT209521", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT209521"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:46:45.919Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT209520"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT209521"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2019-7288", "datePublished": "2020-10-27T19:23:12", "dateReserved": "2019-01-31T00:00:00", "dateUpdated": "2024-08-04T20:46:45.919Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFE9E51E-D927-4F8A-9290-DE9E7786C423", "versionEndExcluding": "12.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EC331DC-EE67-426B-8C75-1E0E070901B8", "versionEndExcluding": "10.14.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos ."}, {"lang": "es", "value": "El problema se abord\u00f3 con una comprobaci\u00f3n del servidor FaceTime mejorada.  Este problema se corrigi\u00f3 en Supplemental Update de macOS Mojave versi\u00f3n 10.14.3, iOS versi\u00f3n 12.1.4. Una auditor\u00eda de seguridad exhaustiva del servicio FaceTime descubri\u00f3 un problema con Live Photos"}], "id": "CVE-2019-7288", "lastModified": "2020-10-30T20:15:27.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-27T20:15:14.500", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT209520"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT209521"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}