CVE-2019-8624
Published 2019-12-18
CVE-2019-8624: An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 5.3. A remote attacker may be able to leak memory.
Priority: P3 · 54 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit EPSS: 6.47% (92.9th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | watchos | < 5.3 | 5.3 |
| apple | watchos | — | — |
| apple | watchos | >= unspecified < watchOS 5.3 | watchOS 5.3 |
CVSS provenance
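| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |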
GHSA
GHSA-m2jw-r6hf-gq38: An out-of-bounds read was addressed with improved input validation
ghsa_unreviewed·2022-05-24
CVE-2019-8624 [MEDIUM] GHSA-m2jw-r6hf-gq38: An out-of-bounds read was addressed with improved input validation
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 5.3. A remote attacker may be able to leak memory.
Project0
The Fully Remote Attack Surface of the iPhone - Project Zero
project_zero·2019-08-01
CVE-2019-8613 The Fully Remote Attack Surface of the iPhone - Project Zero
Posted by Natalie Silvanovich, Project Zero
While there have been several rumours and reports of fully remote vulnerabilities affecting the iPhone being used by attackers in the last couple of years, limited information is available about the technical details of these vulnerabilities, as well as the underlying attack surface they occur in. I investigated the remote, interaction-less attack surface of the iPhone, and found several serious vulnerabilities.
Vulnerabilities are considered ‘remote’ when the attacker does not require any physical or network proximity to the target to be able to use the vulnerability. Remote vulnerabilities are described as ‘fully remote’, ‘interaction-less’ or ‘zero click’ when they do not require any physical interaction from the target to be exploited, an
Apple
CVE-2019-8624: watchOS 5.3
vendor_apple·2019-07-22·CVSS 7.5
CVE-2019-8624 [HIGH] CVE-2019-8624: watchOS 5.3
Apple Security Update: About the security content of watchOS 5.3
Product: watchOS
Version: 5.3
CVE: CVE-2019-8624
Component: Digital Touch
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input validation.
No detection rules found.
No writeups or analysis indexed.
Published: 2019-12-18