CVE-2019-8605

high

Description

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.

References

https://www.tenable.com/blog/apple-iphone-and-ipad-devices-vulnerable-after-reintroduction-of-sockpuppet-flaw-in-ios-12-4

https://support.apple.com/HT210122

https://support.apple.com/HT210120

https://support.apple.com/HT210119

https://support.apple.com/HT210118

Details

Source: Mitre, NVD

Published: 2019-12-18

Updated: 2025-02-28

Named Vulnerability: SockPuppetKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H