Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-8663Apple Macos vulnerability

7 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
2.3%
top 15.39%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Apple IOSApple MacosApple Iphone OS+1 more
Timeline
PublishedDec 18
Latest updateMay 24

Description

This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

CVEListV5apple/macosunspecifiedmacOS Mojave 10.14.6
NVDapple/mac_os_x< 10.14.6
CVEListV5apple/iosunspecifiediOS 12.4
NVDapple/iphone_os< 12.4

🔴Vulnerability Details

3
GHSA
GHSA-43m3-5mhm-q5fc: This issue was addressed with improved checks2022-05-24
CVEList
CVE-2019-8663: This issue was addressed with improved checks2019-12-18
Project0
The Fully Remote Attack Surface of the iPhone - Project Zero2019-08-01

💥Exploits & PoCs

1
Exploit-DB
NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String2019-08-15

📋Vendor Advisories

2
Apple
CVE-2019-8663: iOS 12.42019-07-22
Apple
CVE-2019-8663: macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra2019-07-22
CVE-2019-8663 — Apple Macos vulnerability | cvebase