CVE-2019-6223
CVE-2019-6223 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. CISA has confirmed active exploitation in the wild. EPSS estimates a 2.63% chance of exploitation in the next 30 days.
Description
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | iPhone OS | < 12.1.4 |
| Apple | Mac OS X | < 10.14.3 |
References
- https://support.apple.com/HT209520 (Release Notes, Vendor Advisory)
- https://support.apple.com/HT209521 (Release Notes, Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6223 (US Government Resource)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
