9.3

CVE-2019-8605

Warnung

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiPhone OS Version < 12.3
ApplemacOS X Version < 10.14.5
AppletvOS Version < 12.3
ApplewatchOS Version < 5.2.1

27.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Use-After-Free Vulnerability

Schwachstelle

A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.86% 0.935
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://support.apple.com/HT210118
Vendor Advisory
Release Notes
https://support.apple.com/HT210119
Vendor Advisory
Release Notes
https://support.apple.com/HT210120
Vendor Advisory
Release Notes
https://support.apple.com/HT210122
Vendor Advisory
Release Notes