CVE-2019-8900

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Feb 21, 2025
Updated: Feb 22, 2025
CWE ID 94

Summary

CVE-2019-8900 is a vulnerability in the SecureROM of certain Apple devices. It allows an unauthenticated local attacker to execute arbitrary code upon booting the device by exploiting it while the device is in Device Firmware Update (DFU) mode and connected to a computer. The exploit is not persistent: rebooting the device terminates the attack. Bypassing Apple's Secure Enclave or Touch ID features still requires the device's unlock PIN or fingerprint, so the vulnerability does not directly compromise protected information.
