Vulnerability Description
A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 migt be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims, that after examining the report they do not see any actual security implications.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | < 13.0 |
Related Weaknesses (CWE)
References
- https://vuldb.com/?id.143125
- https://www.scip.ch/en/?labs.20191010
- https://youtu.be/AeuGjMbAirU
- https://vuldb.com/?id.143125
- https://www.scip.ch/en/?labs.20191010
- https://youtu.be/AeuGjMbAirU
FAQ
What is CVE-2019-25071?
CVE-2019-25071 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the s...
How severe is CVE-2019-25071?
CVE-2019-25071 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-25071?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.