VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 18, 2019· Updated Aug 4, 2024

CVE-2019-8565

CVE-2019-8565

Description

A race condition in macOS and iOS allowed a malicious application to escalate privileges to root.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A race condition in macOS and iOS allowed a malicious application to escalate privileges to root.

Vulnerability

A race condition exists in the 802.1X subsystem on Apple platforms. The issue is addressed by adding extra validation. Affected versions include macOS Mojave before 10.14.4 and iOS before 12.2 [1][2]. The code path is reachable from any application running on the device.

Exploitation

An attacker needs to run a malicious application on a vulnerable device. No particular network position or user interaction beyond installing the app is required. The race condition must be triggered by the malicious application during a window of time when system state is inconsistent.

Impact

A successful exploit allows the malicious application to gain root privileges on the affected device. This gives the attacker full control over the system, compromising confidentiality, integrity, and availability.

Mitigation

The vulnerability is fixed in macOS Mojave 10.14.4 (released March 25, 2019) and iOS 12.2 (released March 25, 2019) [1][2]. No workaround is documented. Users should update to the latest versions.

References
  1. About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra - Apple Support
  2. About the security content of iOS 12.2 - Apple Support

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.