CVE-2019-8605
Published Dec 18, 2019
Last updated 5 months ago
- Description
- A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.
- Source
- product-security@apple.com
- NVD status
- Analyzed
- Products
- iphone_os, mac_os_x, tvos, watchos
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Data from CISA
- Vulnerability name
- Apple Multiple Products Use-After-Free Vulnerability
- Exploit added on
- Jun 27, 2022
- Exploit action due
- Jul 18, 2022
- Required action
- Apply updates per vendor instructions.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
9
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB19F7E8-75CA-4F9F-B79C-DB3B2C0E1EF4",
"versionEndExcluding": "12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E2DF4C-D103-4762-8CF1-6EDCE088FB1A",
"versionEndExcluding": "10.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F48137-53D0-4469-9785-57A7FC4482AB",
"versionEndExcluding": "12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF31F5E0-94DD-41FD-80D4-8A27CAECB80B",
"versionEndExcluding": "5.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]