Use After Free Vulnerability in macOS Prior to 10.14.4
CVE-2019-8526

7.8 HIGH

Key Information:

Vendor

Apple

Status
Vendor
CVE Published: 18 December 2019

Badges

👾 Exploit Exists · 🦅 CISA Reported

What is CVE-2019-8526?

A use-after-free vulnerability was identified in macOS that could allow a malicious application to gain elevated privileges. The issue is a memory management flaw and has been addressed in macOS Mojave version 10.14.4. Users are advised to update their systems to mitigate potential security risks.

CISA has reported CVE-2019-8526

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2019-8526 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

macOS < unspecified

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • Vulnerability published

  • Vulnerability Reserved
