CVE-2019-8582

Name of the Vulnerable Software and Affected Versions iCloud for Windows versions prior to 7.12 tvOS versions prior to 12.3 iTunes for Windows versions prior to 12.9.5 macOS Mojave versions prior to 10.14.5 macOS High Sierra versions without Security Update 2019-003 macOS Sierra versions without Security Update 2019-003 iOS versions prior to 12.3

Description The issue is related to an out-of-bounds read that can be triggered by processing a maliciously crafted font, potentially resulting in the disclosure of process memory. This can be exploited by attackers using a specially crafted font to disclose process memory.

Recommendations For iCloud for Windows versions prior to 7.12, update to version 7.12 or later. For tvOS versions prior to 12.3, update to version 12.3 or later. For iTunes for Windows versions prior to 12.9.5, update to version 12.9.5 or later. For macOS Mojave versions prior to 10.14.5, update to version 10.14.5 or later. For macOS High Sierra, apply Security Update 2019-003. For macOS Sierra, apply Security Update 2019-003. For iOS versions prior to 12.3, update to version 12.3 or later.