CVE-2019-8605

CVSS 7.8 HIGHEPSS 17.5%● KEVCWE-416

In short

A program continues using memory after it has been freed, allowing a malicious app to run unauthorized code with system-level access. This happens because the system doesn't properly manage memory cleanup.

Technical detail

Use-after-free vulnerability in memory management allows a malicious application to execute arbitrary code with elevated system privileges. The vulnerability exists when freed memory is accessed without proper validation; exploitation requires local code execution capability on the affected system.

Summary generated and translated by AI from the official description.

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Apple · iOS Apple · macOS Apple · tvOS Apple · watchOS

public PoCs found — 3

githubgithub.com/1nteger-c/CVE-2019-8605★ 0 exploitdbwww.exploit-db.com/exploits/47409unverified exploitdbwww.exploit-db.com/exploits/46892unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.apple.com/HT210118 https://support.apple.com/HT210119 https://support.apple.com/HT210120 https://support.apple.com/HT210122 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8605