Insufficient Session Expiration in iPadOS - CVE-2019-8803
Published: December 18, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30539
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-8803
CWE-ID: CWE-613
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
iPadOS
iPadOS
Detailed vulnerability description
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials..
How to mitigate CVE-2019-8803
Install update from vendor's website.