PT-2019-19148 · Apple · Watchos+1
Jeff Braswell
·
Published
2019-12-18
·
Updated
2019-12-20
·
CVE-2019-8682
CVSS v3.1
2.4
Low
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
iOS versions prior to 12.4
watchOS versions prior to 5.3
Description
The issue allows a user to inadvertently complete an in-app purchase while on the lock screen. This is due to inadequate UI handling.
Recommendations
For iOS versions prior to 12.4, update to iOS 12.4 to resolve the issue.
For watchOS versions prior to 5.3, update to watchOS 5.3 to resolve the issue.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ios
Watchos