PT-2020-11260 · Apple · Macos Sierra+4
Published
2020-10-27
·
Updated
2021-07-21
·
CVE-2019-8531
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
watchOS versions prior to 5.2
macOS Mojave versions prior to 10.14.4
macOS High Sierra versions prior to Security Update 2019-002
macOS Sierra versions prior to Security Update 2019-002
iOS versions prior to 12.2
Description
A validation issue existed in Trust Anchor Management, which has been addressed with improved validation. This issue may cause an untrusted radius server certificate to be trusted.
Recommendations
For watchOS versions prior to 5.2, update to watchOS 5.2 to resolve the issue.
For macOS Mojave versions prior to 10.14.4, update to macOS Mojave 10.14.4 to resolve the issue.
For macOS High Sierra versions prior to Security Update 2019-002, apply Security Update 2019-002 to resolve the issue.
For macOS Sierra versions prior to Security Update 2019-002, apply Security Update 2019-002 to resolve the issue.
For iOS versions prior to 12.2, update to iOS 12.2 to resolve the issue.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ios
Macos High Sierra
Macos Mojave
Macos Sierra
Watchos