Apple iOS Up To 12.1.2 Keyboard Password Information Disclosure [CVE-2019-6206]
A vulnerability has been found in Apple iOS up to 12.1.2 and classified as problematic. This vulnerability affects a functionality of the component Keyboard. The manipulation with an unknown input leads to a information disclosure vulnerability (Password). The CWE definition for the vulnerability is CWE-200. As an impact it is known to affect confidentiality.
The weakness was presented 01/22/2019 as HT209443 as confirmed advisory (Website). The advisory is available at support.apple.com. This vulnerability was named CVE-2019-6206. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 01/23/2019). It expected to see the exploit prices for this product increasing in the near future.
Upgrading to version 12.1.3 eliminates this vulnerability.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.