Security restrictions bypass in Apple iOS - CVE-2019-6206
Published: January 23, 2019 / Updated: January 29, 2019
Vulnerability identifier: #VU17158
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-6206
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
Apple iOS
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists due to improper state management in the Keyboard component with autofill resuming after it was canceled. A remote attacker can cause password autofill fill in passwords after they were manually cleared.
The weakness exists due to improper state management in the Keyboard component with autofill resuming after it was canceled. A remote attacker can cause password autofill fill in passwords after they were manually cleared.
How to mitigate CVE-2019-6206
Update to version 12.1.3.