CVE-2019-8634

An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged in to another user’s account.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Potential Mitigations

References

https://support.apple.com/HT210119

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-8634
CWE	https://cwe.mitre.org/data/definitions/287.html

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	*	10.12.6 (excluding)
Mac_os_x	Apple	*	10.14.5 (excluding)
Mac_os_x	Apple	10.13 (including)	10.13.6 (excluding)
Mac_os_x	Apple	10.12.6 (including)	10.12.6 (including)
Mac_os_x	Apple	10.12.6-security_update_2017-001 (including)	10.12.6-security_update_2017-001 (including)
Mac_os_x	Apple	10.12.6-security_update_2018-001 (including)	10.12.6-security_update_2018-001 (including)
Mac_os_x	Apple	10.12.6-security_update_2018-002 (including)	10.12.6-security_update_2018-002 (including)
Mac_os_x	Apple	10.12.6-security_update_2018-003 (including)	10.12.6-security_update_2018-003 (including)
Mac_os_x	Apple	10.12.6-security_update_2018-004 (including)	10.12.6-security_update_2018-004 (including)
Mac_os_x	Apple	10.12.6-security_update_2018-005 (including)	10.12.6-security_update_2018-005 (including)
Mac_os_x	Apple	10.12.6-security_update_2018-006 (including)	10.12.6-security_update_2018-006 (including)
Mac_os_x	Apple	10.12.6-security_update_2019-001 (including)	10.12.6-security_update_2019-001 (including)
Mac_os_x	Apple	10.12.6-security_update_2019-002 (including)	10.12.6-security_update_2019-002 (including)
Mac_os_x	Apple	10.13.6 (including)	10.13.6 (including)
Mac_os_x	Apple	10.13.6-security_update_2018-002 (including)	10.13.6-security_update_2018-002 (including)
Mac_os_x	Apple	10.13.6-security_update_2018-003 (including)	10.13.6-security_update_2018-003 (including)
Mac_os_x	Apple	10.13.6-security_update_2019-001 (including)	10.13.6-security_update_2019-001 (including)
Mac_os_x	Apple	10.13.6-security_update_2019-002 (including)	10.13.6-security_update_2019-002 (including)

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References