vulnerability

OS X update for Kernel (CVE-2019-14899)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:A/AC:M/Au:S/C:P/I:P/A:P)	Dec 11, 2019	Jul 16, 2020	Aug 13, 2025

Severity

CVSS

(AV:A/AC:M/Au:S/C:P/I:P/A:P)

Published

Dec 11, 2019

Added

Jul 16, 2020

Modified

Aug 13, 2025

Description

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

Solution

apple-osx-upgrade-10_15_6

References

CVE-2019-14899
https://attackerkb.com/topics/CVE-2019-14899
CWE-300
URL-https://support.apple.com/kb/HT211289

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today