CVE-2019-8526

CVSS 7.8 HIGH · EPSS 0.7% · KEV · CWE-416
Vexday Risk Score: 51 (Attention)
SSVC decision (CISA): Act
Exploitation + impact → act immediately
CVSS 7.8 · EPSS 0.7% · KEV: yes · PoC · Nuclei · Metasploit · Patch
Lifecycle
18 Dec 2019: Published on NVD
17 Apr 2023: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A program in macOS Mojave could crash or be manipulated to run with higher privileges due to faulty memory management. This could allow an app to gain unauthorized administrative access.

Technical detail

Use-after-free vulnerability in memory management allowing privilege escalation. An attacker needs local execution context within a vulnerable application; exploitation could lead to arbitrary code execution with elevated privileges.

Summary generated and translated by AI from the official description.
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Apple · macOS