apple iphone-os CVE-2019-8605 vulnerability in Apple Products
Published on December 18, 2019

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.


Known Exploited Vulnerability

This Apple Multiple Products Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.

The following remediation steps are recommended / required by July 18, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2019-8605 can be exploited with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2019-8605 has been classified as a dangling pointer vulnerability or weakness.


Products Associated with CVE-2019-8605

You can be notified by stack.watch whenever vulnerabilities like CVE-2019-8605 are published in these products:

What versions are vulnerable to CVE-2019-8605?