
CVE-2019-8662

Published: 18/12/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.

Vulnerable Product

apple iphone os

apple mac os x

apple tvos

apple watchos

Exploits

When deserializing NSObjects with the NSArchiver API [1], one can supply a whitelist of classes that are allowed to be unarchived. In that case, any object in the archive whose class is not whitelisted will not be deserialized. Doing so will also cause the NSKeyedUnarchiver to "requireSecureCoding", ensuring that the archived classes conform to the ...
During processing of incoming iMessages, attacker-controlled data is deserialized using the NSUnarchiver API. One of the classes that is allowed to be decoded from the incoming data is NSDictionary. However, due to the logic of NSUnarchiver, all subclasses of NSDictionary that also implement secure coding can then be deserialized as well. NSSharedK ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 Hig ...
Full Disclosure mailing list archives: APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4

Github Repositories

Latest ios RCE Vulnerability disclosed by Google Security Researcher

ios-RCE-Vulnerability: Latest ios RCE Vulnerability disclosed by Google Security Researcher. The details have been taken from: thehackernews.com/2019/07/apple-ios-vulnerabilities.html

CVE-2019-8647 (RCE via iMessage) — This is a use-after-free vulnerability that resi

Recent Articles

It's 2019 and you can still pwn an iPhone with a website: Apple patches up iOS, Mac bugs in July security hole dump
The Register • Shaun Nichols in San Francisco • 23 Jul 2019

20 WebKit flaws among latest batch of bug fixes

On Monday Apple released a fresh round of security fixes for a load of its operating systems and applications. The July patch batch addresses vulnerabilities in iOS, MacOS, Safari, watchOS, and tvOS, though many of the updates are for common components across each of the platforms, such as the WebKit browser engine. These should be installed as soon as possible. For iOS, the 12.4 update brings a total of 37 fixes for various components in the mobile operating system. More than half of those CVE-...