CVE-2019-8663: This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.

CVE-2019-8663 [MEDIUM] CVE-2019-8663: iOS 12.4 Apple Security Update: About the security content of iOS 12.4 Product: iOS Version: 12.4 CVE: CVE-2019-8663 Component: Found in Apps Impact: A remote attacker may be able to leak memory Description: This issue was addressed with improved checks.

CVE-2019-8663 [MEDIUM] CVE-2019-8663: macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra Apple Security Update: About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra Product: macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra CVE: CVE-2019-8663 Component: Found in Apps Impact: A remote attacker may be able to leak memory Description: This issue was addressed with improved checks.

CVE-2019-8663 [MEDIUM] GHSA-43m3-5mhm-q5fc: This issue was addressed with improved checks This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.

CVE-2019-8613 The Fully Remote Attack Surface of the iPhone - Project Zero Posted by Natalie Silvanovich, Project Zero While there have been several rumours and reports of fully remote vulnerabilities affecting the iPhone being used by attackers in the last couple of years, limited information is available about the technical details of these vulnerabilities, as well as the underlying attack surface they occur in. I investigated the remote, interaction-less attack surface of the iPhone, and found several serious vulnerabilities. Vulnerabilities are considered ‘remote’ when the attacker does not require any physical or network proximity to the target to be able to use the vulnerability. Remote vulnerabilities are described as ‘fully remote’, ‘interaction-less’ or ‘zero click’ when they do not require any physical interaction from the target to be exploited, an

CVE-2019-8663 NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String --- There is an info leak when decoding the SGBigUTF8String class using [SGBigUTF8String initWithCoder:]. This class initializes the string using [SGBigUTF8String initWithUTF8DataNullTerminated:] even though there is no guarantee the bytes provided to the decoder are null terminated. It should use [SGBigUTF8String initWithUTF8Data:] instead. While this class is included in iMessage, it is more likely that this bug could be useful in local attacks. To reproduce this issue: 1) Compile decodeleak.m clang -o decodeleak -g decodeleak.m -fobjc-arc -framework CoreSuggestionsInternals -F/System/Library/PrivateFrameworks 2) Run: ./decodeleaks obj leaked memory will be printed to the screen. Proof of Concept: https://gitlab.com/exp