CVE-2019-8747 — Out-of-bounds Write in Apple Watchos

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 48.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Watchos Apple IOS 13.1 AND Ipados Apple Tvos

Timeline

PublishedDec 18

Latest updateMay 24

Description

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5apple/watchosunspecified — watchOS 6.1

▶NVDapple/watchos< 6.1

▶Appleapple/watchos6.1

▶Appleapple/tvos13

▶Appleapple/ios_13.1_and_ipados13.1

🔴Vulnerability Details

GHSA

GHSA-xvmg-vf8x-q2gp: A memory corruption vulnerability was addressed with improved locking↗2022-05-24

▶

📋Vendor Advisories

Apple

CVE-2019-8747: watchOS 6.1↗2019-10-29

▶

Apple

CVE-2019-8747: tvOS 13↗2019-09-24

▶

Apple

CVE-2019-8747: iOS 13.1 and iPadOS 13.1↗2019-09-24

▶