Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-8624Out-of-bounds Read in Apple Watchos

CWE-125Out-of-bounds Read5 documents5 sources
Severity
7.5HIGHNVD
EPSS
2.2%
top 15.58%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Watchos
Timeline
PublishedDec 18
Latest updateMay 24

Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 5.3. A remote attacker may be able to leak memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5apple/watchosunspecifiedwatchOS 5.3
NVDapple/watchos< 5.3
Appleapple/watchos5.3

🔴Vulnerability Details

2
GHSA
GHSA-m2jw-r6hf-gq38: An out-of-bounds read was addressed with improved input validation2022-05-24
Project0
The Fully Remote Attack Surface of the iPhone - Project Zero2019-08-01

💥Exploits & PoCs

1
Exploit-DB
Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read2019-07-24

📋Vendor Advisories

1
Apple
CVE-2019-8624: watchOS 5.32019-07-22