#VU30534 Input validation error in iPadOS


Published: 2019-12-18 | Updated: 2020-07-17

Vulnerability identifier: #VU30534

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8793

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software: iPadOS (Operating systems & Components / Operating system)

Vendor: Apple Inc.

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2. A local user may be able to record the screen without a visible screen recording indicator.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

iPadOS: 13.1.1 - 13.1.3


External links
http://support.apple.com/HT210721


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

