Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-8641Out-of-bounds Read in Apple IOS

CWE-125Out-of-bounds Read14 documents6 sources
Severity
9.8CRITICALNVD
EPSS
10.9%
top 6.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Apple IOSApple MacosApple Watchos+3 more
Timeline
PublishedDec 18
Latest updateMay 24

Description

An out-of-bounds read was addressed with improved input validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

CVEListV5apple/iosunspecifiediOS 12.4.2+1
NVDapple/tvos< 12.4
CVEListV5apple/macosunspecifiedmacOS Mojave 10.14.6 Supplemental Update 2
CVEListV5apple/watchosunspecifiedwatchOS 6+1
NVDapple/watchos< 5.3

🔴Vulnerability Details

7
GHSA
GHSA-27cj-jh44-8xw6: An out-of-bounds read was addressed with improved input validation2022-05-24
Project0
MMS Exploit Part 3: Constructing the Memory Corruption Primitives - Project Zero2020-07-01
Project0
Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution - Project Zero2020-01-01
Project0
Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass - Project Zero2020-01-01
Project0
Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641 - Project Zero2020-01-01

💥Exploits & PoCs

2
Exploit-DB
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address2019-11-11
Exploit-DB
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds2019-09-24

📋Vendor Advisories

4
Apple
CVE-2019-8641: macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, and Security Update 2019-005 Sierra2019-09-26
Apple
CVE-2019-8641: watchOS 5.3.22019-09-26
Apple
CVE-2019-8641: iOS 12.4.22019-09-26
Apple
CVE-2019-8641: iOS 132019-09-19
CVE-2019-8641 — Out-of-bounds Read in Apple IOS | cvebase