** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.

![](https://news.ycombinator.com/s.gif)

Deja Vu.

\> you can send the callee the message the caller gets when the callee answers

This is the exact same type of bug that was in libssh: https://www.nccgroup.trust/uk/our-research/technical-advisor...

"possible to bypass authentication by presenting to the server an SSH2\_MSG\_USERAUTH\_SUCCESS message in place of the SSH2\_MSG\_USERAUTH\_REQUEST message which the server would expect to initiate authentication"

Also, Apple had a FaceTime bug of very similar nature:

https://www.theverge.com/2019/1/28/18201383/apple-facetime-b...

"you begin calling somebody via FaceTime Video from within the Phone app. Before that person picks up, you can swipe up to add your own phone number to the call. Once you’ve added yourself, FaceTime immediately seems to assume it’s an active conference call and begins sending the audio of the person you’re calling"

![](https://news.ycombinator.com/s.gif)

  

And what’s the common theme here? Naive switch statement logic instead of a real state machine with fully mapped transitions.

![](https://news.ycombinator.com/s.gif)

\> State machine bug in Signal app

Exploitable in the Android Signal app in particular; not the iOS one.

![](https://news.ycombinator.com/s.gif)

  

It’s potentially exploitable on iOS, but a UI issue has so far prevented the exploit from being useful. That’s not to say it couldn’t be exploited in a useful manner, and the vulnerability is still present. Continuing to use an unpatched version on iOS would be high-risk.

![](https://news.ycombinator.com/s.gif)

The bug tracker requires javascript, transcript for anyone that doesn't want to enable it:

There is a logic error in Signal that can cause an incoming call to be answered even if the callee does not pick it up.

In the Android client, there is a method handleCallConnected that causes the call to finish connecting. During normal use, it is called in two situations: when callee device accepts the call when the user selects 'accept', and when the caller device receives an incoming "connect" message indicating that the callee has accepted the call. Using a modified client, it is possible to send the "connect" message to a callee device when an incoming call is in progress, but has not yet been accepted by the user. This causes the call to be answered, even though the user has not interacted with the device. The connected call will only be an audio call, as the user needs to manually enable video in all calls. The iOS client has a similar logical problem, but the call is not completed due to an error in the UI caused by the unexpected sequence of states. I would recommend improving the logic in both clients, as it is possible the UI problem doesn't occur in all situations.

To reproduce this problem on the Android client, replace the method handleSetMuteAudio in the file WebRtcCallService.java with the following method.

      private void handleSetMuteAudio(Intent intent) {
    
        Log.e(TAG, "SENDING MESSAGE");
    
        this.dataChannel.send(new DataChannel.Buffer(ByteBuffer.wrap(Data.newBuilder().setConnected(Connected.newBuilder().setId(this.callId)).build().toByteArray()), false));
    
         intent.putExtra(EXTRA_CALL_ID, this.callId);
         intent.putExtra(EXTRA_REMOTE_ADDRESS, recipient.getAddress());
         handleCallConnected(intent);
      }
    

Then build the client and install it and make a call. When the call is ringing, the audio mute button can be pressed to force the callee device to connect, and audio from the callee device will be audible.

This bug is subject to a 90 day disclosure deadline. After 90 days elapse or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public.

![](https://news.ycombinator.com/s.gif)

  

Thank you, why absolutely no text can be displayed without JS enabled is beyond me. The page source is filled to the brim with trackers.

![](https://news.ycombinator.com/s.gif)

\> The page source is filled to the brim with trackers.

I would expect nothing less from a site owned by google.

![](https://news.ycombinator.com/s.gif)

On the contrary; on a site owned by Google (or any other tracking company), I expect there to be only their own tracker(s), unlike on most other commercial sites, where there are often dozens.

And the requests I see seem to indicate just that: it only tried to load Google Analytics.

![](https://news.ycombinator.com/s.gif)

It looks like this was shortly preceded by https://bugs.chromium.org/p/project-zero/issues/detail?id=19... which was an exploration of the fact that making a call induces RTP data processing on a recipient device during a call, prior to the recipient answering.

That 'seems' innocuous (and both Signal and WebRTC had reasonable arguments around expecting that behaviour) but this follow-up exploit looks more serious, and the researcher is correct to note how an expanded attack surface can lead to problems like this :/

![](https://news.ycombinator.com/s.gif)

It's fixed and updated.

But this demonstrates how much advantages open-source software has, this transparency does pay off with users who are gradually paying attention to the technology and security landscapes.

![](https://news.ycombinator.com/s.gif)

What I don't understand is:

I'm a big fan of maintaining a forced 90 day disclosure period to pressure companies that do not address relevant security bugs.

But why, when a security issue is fixed, whitehats tend to always disclose immediately? Since it is fixed it is not relevant any more, and disclosing now only increases the likelihood of a hacker abusing the bug. Instead wouldn't it be better if the targeted entity just disclosed that "a critical security vulnerability was found" and that "users should upgrade immediately"?

I don't see the point of disclosing the specifics of a fixed security vulnerability soon after the fix? I understand that recognition is an important factor, but isn't it more logical to delay the recognition step for e. g. 6 months?

![](https://news.ycombinator.com/s.gif)

Because blackhats look through updates to determine what has been fixed by reversing the change, and try to capitalize on the time between an update being available and it being widely deployed. The more you raise awareness of people that might be susceptible to attack in that time frame to get them to update sooner than automated systems would allow, the less victims there are to exploit.

I imagine there's probably a short time after update release, almost definitely in the single or double digit hours range, where you might be helping the blackhat that would reverse it do it quicker, but it's probably hard to do more harm than benefit by releasing the details earlier than later.

![](https://news.ycombinator.com/s.gif)

  

Well, even if the bug report wasn't disclosed, there's a decent chance it was reverse engineered out of the patch that was released a week ago by anyone with enough determination. It seems like the act of disclosing it soon after the patch is available allows information to propagate through the security community, which in theory helps accelerate the spread of the update.

![](https://news.ycombinator.com/s.gif)

People need to know when to update. Disclosure provides an incentive to do so, especially in corporate eenvironments.

Hackers on the other hand don't need to be informed, they can always look for juicy bugs the moment fixes are rolled out.

![](https://news.ycombinator.com/s.gif)

It thrills me to no end that there aren’t a bunch of snarky comments about “OH THIS PROVES SIGNAL IS A TOOL OF THE NSA!!”.

Open-source software is great because you can find bugs like this by inspecting the software. Anything that is related to personal communications should be open-source.

![](https://news.ycombinator.com/s.gif)

I think open-source software is great as well, but assuming these kind of bugs are found because you can inspect the code is very wishful thinking that doesn't always hold up.

This specific example required a Google department to find it. Who would have found it if Google got restrained by the NSA?. Other notable examples include openSSL.

On top of that, here is a great talk about how easy it would be to infiltrate open source projects: https://www.youtube.com/watch?v=fwcl17Q0bpk

![](https://news.ycombinator.com/s.gif)

The fact it's open source enabled someone outside the project to find it in practice. While also possible with closed source software, if you think the bar is possibly too high with an open source project, it is an order of magnitude higher with closed source.

Also, please don't say "Google". A bunch of hackers (on Google's payroll) found it, not Google. We can't tell what would've happened in a counterfactual universe where Google was not financing Project Zero.

![](https://news.ycombinator.com/s.gif)

I’m shocked at how cynical your perspective is that you don’t grant credit here.

Like if I said “the police didn’t save me from the hostage situation. Some hero saved me who happened to be working for the police. In an alternate universe we don’t where this guy isn’t employed by the police, we don’t know if he wouldn’t have saved me anyway”

Can’t you just say, thanks police, you saved me.

![](https://news.ycombinator.com/s.gif)

  

I just prefer congratulating the actual people that did this instead of the relatively arbitrary money supplier. You could say I'm equally shocked that credit is propagated as "Google" instead of the names of the researchers.

![](https://news.ycombinator.com/s.gif)

  

The reason I said Google because I think that if the NSA pulled some strings at Google, this exploit would not have been published. As such this was all in the hands of Google.

![](https://news.ycombinator.com/s.gif)

Do you know what your app library dependency is doing? They talked about advertising and that got people up in a roar... but what if it’s doing reconnaissance? Mapping out your build and deploy infrastructure because you fetch externally from 12 different locations along your pipeline. Then one day they target a specific company in a patch release and then fix it later. In a high release project you would never know.

Who’s got your back on that?

![](https://news.ycombinator.com/s.gif)

  

What it does mean is that the community can fix it, and you don’t have to divert time from a product approved sprint to fix sec bugs.

![](https://news.ycombinator.com/s.gif)

  

It's also ironic that the community fixing something for a security issue isn't going to help much since almost all the users rely on the app stores (Play Store in this case, since it seems like this is Android specific) for updates and wouldn't get any fixes unless they're tech savvy or until the developer (Signal) pushes the update to the Play Store and Google approves it.

![](https://news.ycombinator.com/s.gif)

\> It thrills me to no end that there aren’t a bunch of snarky comments about “OH THIS PROVES SIGNAL IS A TOOL OF THE NSA!!”.

There are no such comments here as of this post, or are you lost?

CVE-2019-17192: Signal: Incoming call can be connected without user interaction

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

CVE-2019-16709: memory leaks in XCreateImage · Issue #1531 · ImageMagick/ImageMagick

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.

CVE-2019-16710: memory leaks · Issue #1528 · ImageMagick/ImageMagick

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.

CVE-2019-16294: Scintilla

CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.

*   Details
*   Reviews
*   Installation
*   Development

Sell tickets and collect RSVPs with the free Event Tickets plugin, from the team behind the number one calendar in WordPress.

This plugin makes it easy to sell tickets, collect registrations, and manage attendees for your in-person or virtual events. Plus, it comes with features backed by our world-class team of developers and designers. Easily integrate Event Tickets with your Stripe account or PayPal business account.

Connect to Stripe and take advantage of one of the world’s most popular payment gateways. Our Stripe integration lets you accept credit card payments on your website, along with additional payment methods including AfterPay, ClearPay, AliPay, Giropay, and Klarna.

See more videos on our YouTube channel

Easily connect to PayPal without any complicated API keys or code through our quick connection wizard in your WordPress backend. With just a few clicks, you can begin selling tickets and enable payment through PayPal, Venmo, and credit cards.

Even more, you can upgrade to Event Tickets Plus and unlock additional payment methods including digital wallets like ApplePay and Google Pay through Stripe, or use WooCommerce to take advantage of popular payment solutions including Braintree, Square, AmazonPay, and more.

**🎟️ Ticketing and Registration for WordPress**

See Event Tickets in action on our demo site. Just getting started? Check out the Getting Started Guide for an introduction to features, settings, and functionality.

Looking for additional features like custom registration fields, QR check-in, Zoom integration, and more? **Check out Event Tickets Plus and our other add-ons**.

**🔌🎨 Plug and Play or Customize**

Event Tickets is built to work out of the box. Just install the plugin, configure your settings, and start collecting RSVPs and selling tickets in minutes.

Add your own touch by using Event Tickets as the foundation for customization. Personalize to your heart’s content with the help of a skeleton stylesheet, partial template overrides, template tags, hooks and filters, careful documentation, and a library of free extensions.

Whether your vision is big or small, you’re in good company. Thousands of small businesses, musicians, venues, restaurants, and non-profits are increasing revenue from their in-person and virtual events with Event Tickets. Our plugins have also been scaled to work on large networks for Fortune 100 companies, universities, and government institutions.

**✨ Features**

✔️ Attendees can purchase tickets to events  
✔️ Attendees can RSVP to events  
✔️ Sell tickets with PayPal and/or Stripe using our free commerce solution, Tickets Commerce.  
✔️ Add RSVPs and tickets to posts, pages, or custom post types  
✔️ Collect ticket fees by connecting your PayPal business or Stripe account  
✔️ Generate sales and attendee reports  
✔️ Ticket stock countdown  
✔️ Automatic ticket confirmation emails  
✔️ Works out of the box with The Events Calendar  
✔️ Responsive design works on all devices  
✔️ Tested on the major theme frameworks such as Avada, Genesis, Kadence, Thesis and many more.  
✔️ Internationalized & translated  
✔️ Extensive template tags for customization  
✔️ Hooks & filters galore  
✔️ Library of extensions

Upgrade to Event Tickets Plus for full WooCommerce integration to use additional payment gateways.

**📃 Documentation**

All of our documentation can be found in our knowledgebase.

Additional helpful links:

*   Guide: Getting Started with Event Tickets
*   Installing Event Tickets Video
*   Using Tickets Commerce Video
*   Do I need Event Tickets or Event Tickets Plus?
*   How to Make Money with Virtual Events
*   Implementing Stripe on Event Tickets and Event Tickets Plus

If you have any questions about this plugin, you can post a thread in the WordPress.org forum. Please search existing threads before starting a new on

**➕ Add-Ons**

Take your calendar to the next level by pairing it with our plugins for ticketing, crowdsourcing, email marketing, and more. Learn more about all our products on our website.  
Our Free Plugins:  
📅 The Events Calendar  
📐 Advanced Post Manager

Our Premium Plugins and Services:

⚡ Events Calendar Pro  
↪️ Event Aggregator (service)  
🎟️ Event Tickets Plus  
✉️ Promoter  
👥 Community Events  
🎟️ Community Tickets  
✏️ Filter Bar  
🗓️ Eventbrite Tickets  
📡 Virtual Events

**Help**

If you aren’t familiar with Event Tickets, check out our Getting Started Guide. It will have you creating tickets in no time.

Ready to dig deeper? Check out these resources:

*   Tutorials
*   Known Issues
*   Help Videos
*   Release Notes

We check in on the Event Tickets forum here on WordPress.org about once a week to help users with basic troubleshooting and identifying bugs. If you’re looking for premium, personalized support, consider upgrading to Event Tickets Plus.

Still have a question? Shoot us an email at support@theeventscalendar.com.

**Translate**

Event Tickets is translated into multiple languages, including German, Danish, and Dutch. Help localize Event Tickets even further by adding your locale – visit translate.wordpress.org.

1.  From the dashboard of your site, navigate to Plugins –> Add New.
2.  Select the Upload option and hit “Choose File.”
3.  When the popup appears select the event-tickets.x.x.zip file from your desktop. (The ‘x.x’ will change depending on the current version number).
4.  Follow the on-screen instructions and wait as the upload completes.
5.  When it’s finished, activate the plugin via the prompt. A message will show confirming activation was successful.
6.  For access to new updates, make sure you have added your valid License Key under Tickets –> Settings –> Licenses.

**Are there any troubleshooting steps I should try before I post a new thread in the support forum?**

First, make sure that you’re running the latest version of Event Tickets. If you’ve got any other add-ons, make sure those are current and running the latest code as well. Also be sure to check our knowledgebase.

The most common issues we see are either plugin or theme conflicts. You can test if a plugin or theme is conflicting by manually deactivating other plugins until just Event Tickets is running on your site. If the issue persists, revert to the default Twenty Twenty theme. If the issue is resolved after deactivating a specific plugin or your theme, you’ll know that is the source of the conflict.

Note that we aren’t going to say “tough luck” if you identify a plugin/theme conflict. While we can’t guarantee 100% integration with any plugin or theme out there, we will do our best (and reach out the plugin/theme author as needed) to figure out a solution that benefits everyone.

**I’m still stuck. Where do I go to file a bug or ask a question?**

Free plugin users can post in the Event Tickets support forum on WordPress.org. Our team reviews that forum weekly to look for bug reports.

If you’re already an Event Tickets Plus subscriber, you’re entitled to our actively-monitored Premium Support on our website. Generally, except in times of increased support loads, we reply to all premium support tickets within 24 hours during the business week.

**What’s the difference between Event Tickets and Events Tickets Plus?**

Event Tickets is our free ticketing plugin that has all the basics you need to sell tickets and collect RSVPs on your website. You can use Event Tickets with or without The Events Calendar.

Event Tickets Plus is a premium plugin that runs alongside Event Tickets and enhances it with extra features, including custom registration fields, shortcodes, WooCommerce integration, enhanced Stripe functionality for Stripe for Tickets Commerce, our mobile ticketing app and more.

Read more to learn which plugin is right for you.

**Do I need The Events Calendar to run Event Tickets?**

Nope! Event Tickets works with or without The Events Calendar. Even if you don’t have The Events Calendar, you can create RSVPs and tickets on WordPress pages and posts.

**Can I email attendees using Event Tickets?**

Yes. Event Tickets automatically sends an email confirmation after attendees register or RSVP for an event. If the attendee purchases a ticket, the confirmation email will also provide a ticket to scan at the door for admission.

**What add-ons are available for Event Tickets, and where can I read more about them?**

The following add-ons are available for The Events Calendar:

*   Events Calendar Pro, for adding premium calendar features like recurring events, advanced views, cool widgets, shortcodes, additional fields, and more!
*   Event Aggregator, a service that effortlessly fills your calendar with events from Meetup, Google Calendar, iCalendar, Eventbrite, CSV, and ICS.
*   Virtual Events, which optimizes your calendar for virtual events including Zoom integration, video and livestream embeds, SEO optimization for online events and more.
*   Event Tickets Plus, which allows you to sell tickets for your events using your favorite e-commerce platform.
*   Promoter, automated email communication made just for The Events Calendar and Event Tickets. Stay in touch with your attendees every step of the way.
*   Community Events, for allowing frontend event submission from your readers.
*   Community Tickets, which allows event organizers to sell tickets to the events they submit via Community Events.
*   Filter Bar, for adding advanced frontend filtering capabilities to your events calendar.
*   Eventbrite Tickets, for selling tickets to your event directly through Eventbrite.

**I have a feature idea. What’s the best way to tell you about it?**

We’ve got a LoopedIn page where we’re actively watching for feature ideas from the community. Vote up existing feature requests or add your own, and help us shape the future of the products business in a way that best meets the community’s needs.

**I’ve still got questions. Where can I find answers?**

Check out our extensive knowledgebase for articles on using, tweaking, and troubleshooting our plugins.

Both my client and myself are very disappointed with the modernization process of TEC + Tickets Pro to the Block Editor. Every step has been painful for over 6 months. We’ll be replacing this with a competing plugin.

Email support was good. Apart from referring to the manuals, as they should, they still investigated further and gave us a solution for our problem. Well done!

So many bug when it comes to payment and support is so so so slow. I am losing sales because to this. Using Stripe: Apple pay freezes No Way to turn off Apple Pay, turning it off doesnt save Can't validate webhook Support keeps asking me to create a staging to test, sure, but they take a week to reply. Some support staff even told me they have no experience with apple pay and it is not their feature, i mean...come on...its right there in your setting

Followed the documentation, but cannot get Stripe to validate webhook. Read other support threads and have confirmed that everything is in order as per the documentation. I was testing out the plugin, but given the time wasted, there is no way I will continue to use it to sell tickets if the free version which includes a 2% fee doesn't work, why would I bother upgrading to the premium version. Seem to much of a risk. Also, looking at people comments, it seems support is slow (they are constantly away from the office/out of the office. Look at other plugins out there.

Constant issues. Nearly impossible to make work. Stops working for no apparent reason. I make websites, used probably hundreds of different plugins over the years. This is in the top 5 worst. There is an easy/user friendly way to do things. This plugin does the opposite in nearly every avenue.

Despite having over 18 months of warning from EDD that their plugin needed updating, they have failed to make any progress whatsoever. They use incompatible, depreciated methods which means tickets sold do not have the attendees details saved, just the purchaser. If I could give this negative stars, I would.

Read all 130 reviews

“Event Tickets and Registration” is open source software. The following people have contributed to this plugin.

Contributors

**\[5.5.8\] 2023-02-22**

*   Version – Event Tickets 5.5.8 is only compatible with The Events Calendar 6.0.10 and higher.
*   Version – Event Tickets 5.5.8 is only compatible with Event Tickets Plus 5.6.7 and higher.
*   Tweak – PHP version compatibility bumped to PHP 7.4
*   Tweak – Version Composer updated to 2
*   Tweak – Version Node updated to 18.13.0
*   Tweak – Version NPM update to 8.19.3
*   Tweak – Reduce JavaScript bundle sizes for Blocks editor

**\[5.5.7\] 2023-02-09**

*   Enhancement – Added currency format options to alter currency decimal separator, thousand separator, and number of decimal places. \[ET-1608\]
*   Tweak – Updated Currency options in Tickets Commerce settings for Croatian users from Kuna (HRK) to Euro (EUR). \[ET-1625\]
*   Tweak – Updated Attendee Registration Fields upsell notice to only display in admin dashboard. \[CT-67\]
*   Fix – Resolve provisional IDs properly on the event edit screen for ticket management actions. \[ET-1632\]
*   Fix – Fixed Ticket Commerce cart cookies not getting saved. \[ET-1629\]
*   Language – 28 new strings added, 189 updated, 5 fuzzied, and 3 obsoleted

**\[5.5.6\] 2023-01-16**

*   Tweak – Updated the settings description for stock handling options. \[ET-1603\]
*   Tweak – Added the tribe-tickets__tickets-item--shared-capacity wrapper class for tickets having shared capacity. \[ETP-841\]
*   Tweak – Added a dashboard notice for sites running PHP versions lower than 7.4 to alert them that the minimum version of PHP is changing to 7.4 in February 2023.
*   Enhancement – Added search capabilities to the Tickets Commerce Orders report page. \[ET-1259\]
*   Fix – Allow loading attendance page with event_id params that use The Events Calendar provisional IDs. \[ET-1624\]
*   Language – 4 new strings added, 43 updated, 0 fuzzied, and 2 obsoleted

**\[5.5.5\] 2022-12-08**

*   Fix – Remove need for Platform Controls to verify webhook signatures in Stripe. \[ET-1508\]
*   Fix – Fixed the order of tickets in an event changing when you haven’t manually requested it. \[ET-1568\]
*   Fix – Fixed shared capacity tickets only showing the lowest capacity between the shared pool tickets. \[ETP-815\]
*   Tweak – Removed locale param for Tickets Commerce JS SDK as per PayPal recommendation. \[ET-1615\]
*   Language – 110 new strings added, 193 updated, 5 fuzzied, and 24 obsoleted

**\[5.5.4\] 2022-11-09**

*   Fix – Fixes multiple of the same ticket form being on the same page being out of sync. \[GTRIA-729\]
*   Fix – Added a JS event that checks for attendee label validation if ET+ is active. \[ETP-803\]

**\[5.5.3\] 2022-10-31**

*   Fix – Orderby param not working for Attendee archive REST API. \[ET-1591\]
*   Fix – Properly save the check-in details for attendees on check-in. \[ETP-819\]
*   Fix – TicketsCommerce ticketed events not showing up for Events REST API. \[ET-1567\]
*   Fix – Update version of Firebase/JWT in Common from 5.x to 6.3.0
*   Enhancement – Added support for name and email param for searching in Attendee archive REST API. \[ET-1591\]
*   Enhancement – Add template tag to properly check if The Events Calendar is active. \[ETP-820\]
*   Enhancement – Add attendance information to the events REST API endpoint. \[ET-1580\]
*   Enhancement – Add check_in argument support for attendees REST API endpoint. \[ET-1588\]
*   Language – 0 new strings added, 18 updated, 0 fuzzied, and 0 obsoleted

**\[5.5.2\] 2022-10-20**

*   Fix – Update version of Firebase/JWT in Common from 5.x to 6.3.0

**\[5.5.1\] 2022-09-22**

*   Fix – Listing tickets is no longer limited by the global settings. \[ET-1584\]
*   Fix – Correct parameter type hinting when param can be null. \[ET-1582\]
*   Fix – Showing Checkout not available and credit card fields at the same time for PayPal gateway in TicketsCommerce. \[ETP-812\]
*   Language – 0 new strings added, 1 updated, 0 fuzzied, and 0 obsoleted

**\[5.5.0\] 2022-09-06**

*   Version – Event Tickets 5.5.0 is only compatible with The Events Calendar 6.0.0 and higher.
*   Version – Event Tickets 5.5.0 is only compatible with Event Tickets Plus 5.6.0 and higher.
*   Enhancement – Adds a compatibility layer to work with the new Recurrence Backend Engine in TEC/ECP.
*   Language – 4 new strings added, 49 updated, 0 fuzzied, and 3 obsoleted

See changelog for all versions

CVE-2019-16120: Event Tickets and Registration

In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

_Published September 3, 2019 | Updated September 12, 2019_

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2019-09-05 or later address all issues in this bulletin and all issues in the September 2019 Android Security Bulletin. To learn how to check a device's security patch level, see Check & update your Android version.

All supported Google devices will receive an update to the 2019-09-05 patch level. We encourage all customers to accept these updates for their devices.

**Announcements**

In addition to the security vulnerabilities described in the September 2019 Android Security Bulletin, supported Google devices that are updated to Android 10 also contain patches for the security vulnerabilities described in this bulletin. Partners were notified that these issues are addressed in Android 10.

**Security patches**

The following tables include security patches that are addressed on Pixel devices with Android 10. Vulnerabilities are grouped under the component that they affect. Issues are described in the below tables and include CVE ID, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Broadcom components**

    

CVE

References

Type

Severity

Component

CVE-2019-9426

A-110460199\*

EoP

Moderate

Bluetooth

**LG components**

    

CVE

References

Type

Severity

Component

CVE-2019-9436

A-127320561\*

EoP

Moderate

Bootloader

CVE-2019-2191

A-68770980\*

ID

Moderate

Bootloader

CVE-2019-2190

A-68771598\*

ID

Moderate

Bootloader

**Kernel components**

    

CVE

References

Type

Severity

Component

CVE-2019-9345

A-27915347\*

EoP

High

Kernel

CVE-2019-9461

A-120209610\*

ID

High

VPN

CVE-2019-9248

A-120279144\*

EoP

Moderate

Touch driver

CVE-2019-9270

A-65123745\*

EoP

Moderate

Wi-Fi

CVE-2019-2182

A-128700140  
Upstream kernel

EoP

Moderate

Kernel MMU

CVE-2019-9271

A-69006201\*

EoP

Moderate

MNH driver

CVE-2019-9273

A-70241598\*

EoP

Moderate

Touch driver

CVE-2019-9274

A-70809925\*

EoP

Moderate

MNH driver

CVE-2019-9275

A-71508439\*

EoP

Moderate

MNH driver

CVE-2019-9276

A-70294179\*

EoP

Moderate

Touch driver

CVE-2019-9441

A-69006882\*

EoP

Moderate

MNH driver

CVE-2019-9442

A-69808778\*

EoP

Moderate

MNH driver

CVE-2019-9443

A-70896844\*

EoP

Moderate

VL53L0 driver

CVE-2019-9446

A-118617506\*

EoP

Moderate

Touch driver

CVE-2019-9447

A-119120571  
Upstream kernel

EoP

Moderate

Touch driver

CVE-2019-9448

A-120141999  
Upstream kernel

EoP

Moderate

Touch driver

CVE-2019-9450

A-120141034  
Upstream kernel

EoP

Moderate

Touch driver

CVE-2019-9451

A-120211415  
Upstream kernel

EoP

Moderate

Touch driver

CVE-2019-9454

A-129148475  
Upstream kernel

EoP

Moderate

I2C driver

CVE-2019-9456

A-71362079  
Upstream kernel

EoP

Moderate

USB driver

CVE-2019-9457

A-116716935  
Upstream kernel

EoP

Moderate

Kernel

CVE-2019-9458

A-117989855  
Upstream kernel

EoP

Moderate

Video driver

CVE-2019-8912

A-125367761  
Upstream kernel

EoP

Moderate

Crypto

CVE-2018-18397

A-124036248  
Upstream kernel

EoP

Moderate

Storage

CVE-2018-14614

A-116406552  
Upstream kernel

EoP

Moderate

Storage

CVE-2018-1000199

A-110918800  
Upstream kernel

EoP

Moderate

ptrace

CVE-2018-13096

A-113148557  
Upstream kernel

EoP

Moderate

Storage

CVE-2018-5803

A-112406370  
Upstream kernel

DoS

Moderate

SCTP

CVE-2019-2189

A-112312381

EoP

Moderate

Image driver

CVE-2019-2188

A-112309571\*

EoP

Moderate

Image driver

CVE-2017-16939

A-70521013  
Upstream kernel

EoP

Moderate

Netlink XFRM

CVE-2018-20169

A-120783657  
Upstream kernel

ID

Moderate

USB driver

CVE-2019-9245

A-120491338  
Upstream kernel

ID

Moderate

Storage driver

CVE-2019-9444

A-78597155  
Upstream kernel

ID

Moderate

Storage driver

CVE-2019-9445

A-118153030  
Upstream kernel

ID

Moderate

Storage driver

CVE-2019-9449

A-120141031  
Upstream kernel

ID

Moderate

Touch driver

CVE-2019-9452

A-120211708  
Upstream kernel

ID

Moderate

Touch driver

CVE-2019-9453

A-126558260  
Upstream kernel

ID

Moderate

Storage driver

CVE-2019-9455

A-121035792  
Upstream kernel

ID

Moderate

Video driver

CVE-2018-19985

A-131963918  
Upstream kernel

ID

Moderate

USB driver

CVE-2018-20511

A-123742046  
Upstream kernel

ID

Moderate

nNet/AppleTalk

CVE-2018-1000204

A-113096593  
Upstream kernel

ID

Moderate

Storage

**Qualcomm components**

    

CVE

References

Type

Severity

Component

CVE-2017-14888

A-70237718  
QC-CR#2119729

N/A

Moderate

WLAN host

CVE-2018-3573

A-72957667  
QC-CR#2124525

N/A

Moderate

Bootloader

CVE-2017-15844

A-67749071  
QC-CR#2127276

N/A

Moderate

Kernel

CVE-2018-3574

A-72957321  
QC-CR#2148121 \[2\] \[3\]

N/A

Moderate

Kernel

CVE-2018-5861

A-77527684  
QC-CR#2167135

N/A

Moderate

Bootloader

CVE-2018-11302

A-109741923  
QC-CR#2209355

N/A

Moderate

WLAN host

CVE-2018-5919

A-65423852  
QC-CR#2213280

N/A

Moderate

WLAN host

CVE-2018-11818

A-111127974  
QC-CR#2170083 \[2\]

N/A

Moderate

MDSS driver

CVE-2018-11832

A-111127793  
QC-CR#2212896

N/A

Moderate

Kernel

CVE-2018-11893

A-111127990  
QC-CR#2231992

N/A

Moderate

WLAN host

CVE-2018-11919

A-79217930  
QC-CR#2209134 \[2\] \[3\]

N/A

Moderate

Kernel

CVE-2018-11939

A-77237693  
QC-CR#2254305

N/A

Moderate

WLAN host

CVE-2018-11823

A-112277122  
QC-CR#2204519

N/A

Moderate

Power

CVE-2018-11929

A-112277631  
QC-CR#2231300

N/A

Moderate

WLAN host

CVE-2018-11943

A-72117228  
QC-CR#2257823

N/A

Moderate

Bootloader

CVE-2018-11947

A-112277911  
QC-CR#2246110 \[2\]

N/A

Moderate

WLAN host

CVE-2018-11947

A-112278406  
QC-CR#2272696

N/A

Moderate

WLAN host

CVE-2018-11942

A-112278151  
QC-CR#2257688

N/A

Moderate

WLAN host

CVE-2018-11983

A-80095430  
QC-CR#2262576

N/A

Moderate

Kernel

CVE-2018-11984

A-80435805  
QC-CR#2266693

N/A

Moderate

Kernel

CVE-2018-11987

A-70638103  
QC-CR#2258691

N/A

Moderate

Kernel

CVE-2018-11985

A-114041193  
QC-CR#2163851

N/A

Moderate

Bootloader

CVE-2018-11988

A-114041748  
QC-CR#2172134 \[2\]

N/A

Moderate

Kernel

CVE-2018-11986

A-62916765  
QC-CR#2266969

N/A

Moderate

Camera

CVE-2018-12010

A-62711756  
QC-CR#2268386

N/A

Moderate

Kernel

CVE-2018-12006

A-77237704  
QC-CR#2257685 \[2\]

N/A

Moderate

Display

CVE-2018-13893

A-80302295  
QC-CR#2291309 \[2\]

N/A

Moderate

diag\_mask

CVE-2018-12011

A-109697864  
QC-CR#2274853

N/A

Moderate

Kernel

CVE-2018-13912

A-119053502  
QC-CR#2283160 \[2\]

N/A

Moderate

Camera

CVE-2018-13913

A-119053530  
QC-CR#2286485 \[2\]

N/A

Moderate

Display

CVE-2018-3564

A-119052383  
QC-CR#2225279

N/A

Moderate

DSP services

CVE-2019-2248

A-122474006  
QC-CR#2328906

N/A

Moderate

Display

CVE-2019-2277

A-127512945  
QC-CR#2342812

N/A

Moderate

WLAN host

CVE-2019-2263

A-116024809  
QC-CR#2076623

N/A

Moderate

Kernel

CVE-2019-2345

A-110849476  
QC-CR#2115578

N/A

Moderate

Camera

CVE-2019-2306

A-115907574  
QC-CR#2337383 \[2\]

N/A

Moderate

Display

CVE-2019-2299

A-117988970  
QC-CR#2243169

N/A

Moderate

WLAN host

CVE-2019-2312

A-117885392  
QC-CR#2341890

N/A

Moderate

WLAN host

CVE-2019-2314

A-120028144  
QC-CR#2357704

N/A

Moderate

Display

CVE-2019-2314

A-120029095  
QC-CR#2357704

N/A

Moderate

Display

CVE-2019-2302

A-130565935  
QC-CR#2300516

N/A

Moderate

WLAN host

CVE-2019-10506

A-117885703  
QC-CR#2252793

N/A

Moderate

WLAN host

CVE-2018-13890

A-111274306  
QC-CR#2288818

N/A

Moderate

WLAN host

CVE-2019-10507

A-132170503  
QC-CR#2253396

N/A

Moderate

WLAN host

CVE-2019-10508

A-132173922  
QC-CR#2288818

N/A

Moderate

WLAN host

CVE-2019-2284

A-132173427  
QC-CR#2358765

N/A

Moderate

Camera

CVE-2019-2333

A-132171964  
QC-CR#2381014 \[2\] \[3\]

N/A

Moderate

Kernel

CVE-2019-2341

A-132172264  
QC-CR#2389324 \[2\]

N/A

Moderate

Audio

CVE-2019-10497

A-132173298  
QC-CR#2395102

N/A

Moderate

Audio

CVE-2019-10542

A-134440623  
QC-CR#2359884

N/A

Moderate

WLAN host

CVE-2019-10502

A-134441002  
QC-CR#2401297 \[2\] \[3\]

N/A

Moderate

Camera

CVE-2019-10528

A-63528466  
QC-CR#2133028 \[2\]

N/A

Moderate

Kernel

CVE-2018-11825

A-117985523  
QC-CR#2205722

N/A

Moderate

WLAN host

CVE-2019-10565

A-129275872  
QC-CR#2213706

N/A

Moderate

Camera

**Qualcomm closed-source components**

    

CVE

References

Type

Severity

Component

CVE-2018-11899

A-69383398\*

N/A

Moderate

Closed-source component

CVE-2019-2298

A-118897119\*

N/A

Moderate

Closed-source component

CVE-2019-2281

A-129765896\*

N/A

Moderate

Closed-source component

CVE-2019-2343

A-130566880\*

N/A

Moderate

Closed-source component

**Functional patches**

Please see this post for a description of features included with Android 10.

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

Security patch levels of 2019-09-05 or later address all issues associated with the 2019-09-05 security patch level and all previous patch levels. To learn how to check a device's security patch level, read the instructions on the Google device update schedule.

**2\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**3\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

**4\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the Android bug ID in the _References_ column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**5\. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?**

Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin are not required for declaring a security patch level.

**Versions**

  

Version

Date

Notes

1.0

September 3, 2019

Bulletin published.

1.1

September 12, 2019

Bulletin updated.

CVE-2019-9456: Pixel Update Bulletin—September 2019  |  Android Open Source Project

In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2019-9461: Pixel Update Bulletin—September 2019  |  Android Open Source Project

In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.

\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:19.mldv2 Security Advisory The FreeBSD Project Topic: ICMPv6 / MLDv2 out-of-bounds memory access Category: core Module: net Announced: 2019-08-06 Credits: CJD of Apple Affects: All supported versions of FreeBSD. Corrected: 2019-08-06 17:13:41 UTC (stable/12, 12.0-STABLE) 2019-08-06 17:11:17 UTC (releng/12.0, 12.0-RELEASE-p9) 2019-08-06 17:15:46 UTC (stable/11, 11.3-STABLE) 2019-08-06 17:11:17 UTC (releng/11.3, 11.3-RELEASE-p2) 2019-08-06 17:11:17 UTC (releng/11.2, 11.2-RELEASE-p13) CVE Name: CVE-2019-5608 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background MLDv2 is the Multicast Listener Discovery protocol, version 2. It is used by IPv6 routers to discover multicast listeners. II. Problem Description The ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. III. Impact A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. IV. Workaround No workaround is available. Systems not using IPv6 are not affected. V. Solution Perform one of the following: Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot. 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Reboot for security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. \[FreeBSD 11.2, FreeBSD 11.3\] # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch.asc # gpg --verify mldv2.11.patch.asc \[FreeBSD 12.0\] # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch.asc # gpg --verify mldv2.12.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/12/ r350648 releng/12.0/ r350644 stable/11/ r350650 releng/11.3/ r350644 releng/11.2/ r350644 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1RfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cLzTA/+OyyukXWH7rfwMhOlpD60UH4hxN3purvdNeBe4ZxlYvtf8gSUzS1VbK5r NR9D2HiYRlmaePOil5myan6cVkrKoANoWTrQsCcsFLe6KKbiKlQDx/btbENmCMsR VoS0ZPx3l9iGuVUwDk6k1JXwKCcO3U3dCDYEI941hEKxYadR+twUP3JOceg8Zn0h oODXW7LcPXWQKAyFc0Kun1VrjrUGdRGfqk30joR20GP2IjgQceFHKUbiOyBbbIjW +UVvp2wPBxXvcXNPTpcIpTW5UGJBHCT2OsDulh7hqpiWf78VE8BoksKAvDjtI4i0 15fmwn7tmQ3aGWK3WoaKWUOXZUlKrxRQDzGyAZ3LzOqPWhv12tJjNJhjnRmCVLfo +F4I/MHzPgjitZhv8gfn+MRiPG4E1ueAYnPQWiR3qRCLQGhemVdKZIAVnYg6NGpQ Jgsr1QS8/3GHZ8yrMXUOSNOSuiMmRHbI9915vVzu+hWkfnrCcSr3uVkJeQvx4CZJ gdTL083Knnkdo4IPOdHWnQjGfrv2rGRyvCJ88m/DIC6hw4weR1LyFWMEHeJCEcJl 5LHiVWmOUJE4ltJXrRoXwxuh9Dia0Mq6KfNA0343JFpQF9rdt3JQ/54FPGtK6NUO LyX5a42RIKRxWNTN+ADrSk8czbHFIg8MfTwpjiRGx2rYtxjp1qU= =WaXC -----END PGP SIGNATURE-----

CVE-2019-5608

The cforms2 plugin before 14.6.10 for WordPress has SQL injection.

CVE-2015-9333: cformsII

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Security bulletin for Adobe Acrobat and Reader | APSB19-41

**Bulletin ID**

**Date Published**

**Priority**

APSB19-41

August 13, 2019

2

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.    

These updates will address important vulnerabilities in the software. Adobe will be assigning the following  priority ratings to these updates:

Adobe recommends users update their software installations to the latest versions by following the instructions below.    

The latest product versions are available to end users via one of the following methods:    

*   Users can update their product installations manually by choosing Help > Check for Updates.     
    
*   The products will update automatically, without requiring user intervention, when updates are detected.      
    
*   The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.     
    

For IT administrators (managed environments):     

*   Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.     
    
*   Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.     
    

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:    

**Vulnerability Category**

**Vulnerability Impact**

**Severity**

**CVE Number**

Out-of-Bounds Read   

Information Disclosure   

Important   

CVE-2019-8077

CVE-2019-8094

CVE-2019-8095

CVE-2019-8096

CVE-2019-8102

CVE-2019-8103

CVE-2019-8104

CVE-2019-8105

CVE-2019-8106

CVE-2019-8002

CVE-2019-8004

CVE-2019-8005

CVE-2019-8007

CVE-2019-8010

CVE-2019-8011

CVE-2019-8012

CVE-2019-8018

CVE-2019-8020

CVE-2019-8021

CVE-2019-8032

CVE-2019-8035

CVE-2019-8037

CVE-2019-8040

CVE-2019-8043

CVE-2019-8052

Out-of-Bounds Write   

Arbitrary Code Execution    

Important  

CVE-2019-8098

CVE-2019-8100

CVE-2019-7965

CVE-2019-8008

CVE-2019-8009

CVE-2019-8016

CVE-2019-8022

CVE-2019-8023

CVE-2019-8027

Command Injection 

Arbitrary Code Execution  

Important 

CVE-2019-8060

Use After Free   

Arbitrary Code Execution     

Important 

CVE-2019-8003

CVE-2019-8013

CVE-2019-8024  

CVE-2019-8025  

CVE-2019-8026  

CVE-2019-8028

CVE-2019-8029

CVE-2019-8030

CVE-2019-8031

CVE-2019-8033

CVE-2019-8034

CVE-2019-8036

CVE-2019-8038

CVE-2019-8039

CVE-2019-8047

CVE-2019-8051

CVE-2019-8053

CVE-2019-8054

CVE-2019-8055

CVE-2019-8056

CVE-2019-8057

CVE-2019-8058  

CVE-2019-8059

CVE-2019-8061

CVE-2019-8257

Heap Overflow 

Arbitrary Code Execution     

Important 

CVE-2019-8066

CVE-2019-8014

CVE-2019-8015

CVE-2019-8041

CVE-2019-8042

CVE-2019-8046

CVE-2019-8049

CVE-2019-8050

Buffer Error 

Arbitrary Code Execution     

 Important  

CVE-2019-8048

Double Free 

Arbitrary Code Execution     

Important   

CVE-2019-8044 

Integer Overflow

Information Disclosure

Important 

CVE-2019-8099

CVE-2019-8101

Internal IP Disclosure

Information Disclosure

Important 

CVE-2019-8097

Type Confusion

Arbitrary Code Execution  

Important 

CVE-2019-8019 

CVE-2019-8249

CVE-2019-8250

Untrusted Pointer Dereference

Arbitrary Code Execution 

Important 

CVE-2019-8006

CVE-2019-8017

CVE-2019-8045

Insufficiently Robust Encryption

Security feature bypass

Critical

CVE-2019-8237

Type Confusion

Information Disclosure

Important

CVE-2019-8251

CVE-2019-8252

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:    

*   Dhanesh Kizhakkinan of FireEye Inc. (CVE-2019-8066) 
*   Xu Peng and Su Purui from TCA/SKLCS Institute of Software Chinese Academy of Sciences and Codesafe Team of Legendsec at Qi'anxin Group (CVE-2019-8029, CVE-2019-8030, CVE-2019-8031) 
*   (A.K.) Karim Zidani, Independent Security Researcher ; https://imAK.xyz/ (CVE-2019-8097) 
*   Anonymous working with Trend Micro Zero Day Initiative (CVE-2019-8033, CVE-2019-8037)  
*   BUGFENSE Anonymous Bug Bounties https://bugfense.io (CVE-2019-8015) 
*   Haikuo Xie of Baidu Security Lab working with Trend Micro Zero Day Initiative (CVE-2019-8035, CVE-2019-8257) 
*   Wei Lei of STAR Labs (CVE-2019-8009, CVE-2019-8018, CVE-2019-8010, CVE-2019-8011) 
*   Li Qi(@leeqwind) & Wang Lei(@CubestoneW) & Liao Bangjie(@b1acktrac3) of Qihoo360 CoreSecurity(@360CoreSec) (CVE-2019-8012) 
*   Ke Liu of Tencent Security Xuanwu Lab (CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8004, CVE-2019-8005, CVE-2019-8006, CVE-2019-8077, CVE-2019-8003, CVE-2019-8020, CVE-2019-8021, CVE-2019-8022, CVE-2019-8023) 
*   Haikuo Xie of Baidu Security Lab (CVE-2019-8032, CVE-2019-8036) 
*   ktkitty (https://ktkitty.github.io) working with Trend Micro Zero Day Initiative (CVE-2019-8014) 
*   Mat Powell of Trend Micro Zero Day Initiative (CVE-2019-8008, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059) 
*   Mateusz Jurczyk of Google Project Zero (CVE-2019-8041, CVE-2019-8042, CVE-2019-8043, CVE-2019-8044, CVE-2019-8045, CVE-2019-8046, CVE-2019-8047, CVE-2019-8048, CVE-2019-8049, CVE-2019-8050, CVE-2019-8016, CVE-2019-8017) 
*   Michael Bourque (CVE-2019-8007) 
*   peternguyen working with Trend Micro Zero Day Initiative (CVE-2019-8013, CVE-2019-8034) 
*   Simon Zuckerbraun of Trend Micro Zero Day Initiative (CVE-2019-8027) 
*   Steven Seeley (mr\_me) of Source Incite working with Trend Micro Zero Day Initiative (CVE-2019-8019) 
*   Steven Seeley (mr\_me) of Source Incite working with iDefense Labs(https://vcp.idefense.com/) (CVE-2019-8098, CVE-2019-8099, CVE-2019-8100, CVE-2019-8101, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8106, CVE-2019-7965, CVE-2019-8105) 
*   willJ working with Trend Micro Zero Day Initiative (CVE-2019-8040, CVE-2019-8052) 
*   Esteban Ruiz (mr\_me) of Source Incite working with iDefense Labs(https://vcp.idefense.com/) (CVE-2019-8002) 
*   Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team (CVE-2019-8024, CVE-2019-8061, CVE-2019-8055) 
*   Zhaoyan Xu, Hui Gao of Palo Alto Networks (CVE-2019-8026, CVE-2019-8028) 
*   Lexuan Sun, Hao Cai of Palo Alto Networks (CVE-2019-8025) 
*   Bit of STARLabs working with Trend Micro Zero Day Initiative (CVE-2019-8038, CVE-2019-8039)
*   Zhongcheng Li (CK01) of Topsec Alpha Team (CVE-2019-8060)
*   Jens Müller (CVE-2019-8237)
*   Steven Seeley (mr\_me) of Source Incite (CVE-2019-8249, CVE-2019-8250, CVE-2019-8251, CVE-2019-8252)

August 14, 2019: Added acknowledgement for CVE-2019-8016 & CVE-2019-8017.

August 22, 2019: Updated CVE id from CVE-2019-7832 to CVE-2019-8066.

September 26, 2019: Added acknowledgement for CVE-2019-8060.

October 23, 2019: Inlcuded details about CVE-2019-8237.

November 19, 2019: Included details about CVE-2019-8249, CVE-2019-8250, CVE-2019-8251, CVE-2019-8252

December 10, 2019: Inlcuded details about CVE-2019-8257.

Tag

#apple