CVE-2019-8605

Published: 18/12/2019 Updated: 20/12/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 936
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.

Vulnerable Product

apple iphone os

apple mac os x

apple tvos

apple watchos

Exploits

# Reproduction
Repros on 10.14.3 when run as root. It may need multiple tries to trigger.
$ clang -o in6_selectsrc in6_selectsrc.cc
$ while 1; do sudo ./in6_selectsrc; done
res0: 3
res1: 0
res1.5: -1 // failure expected here
res2: 0
done
[crash]
# Explanation
The following snippet is taken from in6_pcbdetach: ``` void in6_pcbdetach(struct inpc ...
XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2019-5-13-1 iOS 12.3. From: Apple Product Security via ...
Full Disclosure mailing list archives: APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra ...
Full Disclosure mailing list archives: APPLE-SA-2019-8-26-1 iOS 12.4.1. From: Akila Srinivasan via Full ...
Full Disclosure mailing list archives: APPLE-SA-2019-8-26-3 tvOS 12.4.1. From: Akila Srinivasan via Ful ...

Github Repositories

iOS 10.x Jailbreak for 32bit Devices

Welcome to Socket, iOS 10.x Jailbreak for 32bit devices.

Getting Started: Before we start, ensure you have one of the supported devices:

- iPhone 5,1 (iPhone 5 GSM)
- iPhone 5,2 (iPhone 5 Global)
- iPhone 5,3 (iPhone 5c GSM)
- iPhone 5,4 (iPhone 5c Global)
- iPad 3,4 (iPad 4 Wi-Fi)
- iPad 3,5 (iPad 4 GSM)
- iPad 3,6 (iPad 4 Global)

Download the ipa file from here or from releases. Instal

This repo provides some info on how to downgrade, jailbreak, and setup IOS 10.3.3 on an iPhone 5s.

This repo provides some info on how to downgrade, jailbreak, and set up IOS 10.3.3 on an iPhone 5s. The "install" script in this repo lists all post-jailbreak steps, so use that one in addition to this readme to guide you. This repo provides sources only. The full package can be downloaded from the releases section: github.com/WRFan/jailbreak10.3.3/releases

Recent Articles

Breaking news: Apple un-breaks break on jailbreak break
The Register • Shaun Nichols in San Francisco • 26 Aug 2019

The fix for the fix is in Breaker, breaker. Apple's iOS 12.4 update breaks jailbreak break, un-breaks the break. 10-4

Apple has issued an update to address a potentially serious security flaw it re-opened in the latest version of iOS. Monday's iOS 12.4.1 update contains a single fix: a patch to address CVE-2019-8605. The use-after-free vulnerability would let an application gain the ability to execute arbitrary code with system privileges. Credit for discovering the flaw was given to Ned Williamson from Google's Project Zero team, who reported the flaw to Cupertino back in March. This is not the first time Appl...