CVE-2019-6223

Warning

EPSS 0.45%
Published 05.03.2019 16:29:02
Last modified 28.02.2025 14:53:55
Source product-security@apple.com
Teams watchlist Login
Open Login

A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.

Affected products Warnungen 1 Metrics 4 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ iPhone OS Version < 12.1.4

Apple ≫ macOS X Version < 10.14.3

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple iOS and macOS Group Facetime Vulnerability

Vulnerability

Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.45%	0.627

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

https://support.apple.com/HT209520

Vendor Advisory

Release Notes

https://support.apple.com/HT209521

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2019-6223

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6223

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6223

EUVD