PT-2019-4180 · Apple · Swift
Published: 2019-08-26 · Updated: 2020-11-03 · CVE-2019-8790
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Swift versions prior to 5.1.1
Endpoint Security Initial Client for Windows (affected versions not specified)
Description
The issue concerns incorrect management of file descriptors in URLSession, potentially leading to inadvertent data disclosure. A separate problem is the lack of a secure DLL loading mechanism in the Endpoint Security Initial Client for Windows, which could allow an attacker to elevate privileges by running a malicious payload.
Recommendations
For Swift versions prior to 5.1.1, update to Swift 5.1.1, which fixes the incorrect URLSession file descriptor management logic.
For Endpoint Security Initial Client for Windows, there is currently no information about a newer version that contains a fix for this vulnerability.
Insecure Storage of Sensitive Information
Affected Products
Swift