CVE-2019-8605 vulnerability in Apple Products
Published on December 18, 2019
Known Exploited Vulnerability
This Apple Multiple Products Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.
The following remediation steps are recommended / required by July 18, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2019-8605 can be exploited with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2019-8605 has been classified as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2019-8605
You can be notified by stack.watch whenever vulnerabilities like CVE-2019-8605 are published in these products:
What versions are vulnerable to CVE-2019-8605?
- Apple iOS: fixed in version 12.3
- Apple Mac OSX: fixed in version 10.14.5
- Apple TV OS: fixed in version 12.3
- Apple Watch OS: fixed in version 5.2.1