#VU17158 Security restrictions bypass in Apple iOS - CVE-2019-6206
Published: January 23, 2019 / Updated: January 29, 2019
Vulnerability identifier: #VU17158
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-6206
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple iOS
Apple iOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists due to improper state management in the Keyboard component with autofill resuming after it was canceled. A remote attacker can cause password autofill fill in passwords after they were manually cleared.
The weakness exists due to improper state management in the Keyboard component with autofill resuming after it was canceled. A remote attacker can cause password autofill fill in passwords after they were manually cleared.
Remediation
Update to version 12.1.3.