CVE-2019-8522
Description
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An encrypted volume in macOS Mojave before 10.14.4 can be unmounted and remounted by a different user without password prompt, allowing unauthorized access.
Vulnerability
A logic issue in macOS Mojave up to version 10.14.3 allows an encrypted volume to be unmounted and remounted by a different user without prompting for the password. The issue is addressed in macOS Mojave 10.14.4 [1].
Exploitation
An attacker with local access to a system where an encrypted volume is mounted can unmount it and then remount it under their own user context without being prompted for the volume's password. The exact steps are not detailed in the reference, but the vulnerability requires the attacker to have physical or remote access to the system as a different user.
Impact
A different user can gain access to the contents of an encrypted volume without knowing the password, leading to unauthorized disclosure of sensitive data.
Mitigation
The vulnerability is fixed in macOS Mojave 10.14.4, released March 25, 2019 [1]. Users should update to this version or later. No workaround is mentioned.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <10.14.4
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- support.apple.com/HT209600mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.