CVE-2019-8795
published 2019-12-18CVE-2019-8795: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2. An application may be able…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2. An application may be able to execute arbitrary code with system privileges.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | >= unspecified < iOS 13.2 and iPadOS 13.2 | iOS 13.2 and iPadOS 13.2 |
| apple | ios_13.2_and_ipados | — | — |
| apple | ipados | < 13.2 | 13.2 |
| apple | iphone_os | < 13.2 | 13.2 |
| apple | tvos | < 13.2 | 13.2 |
| apple | tvos | — | — |
| apple | tvos | >= unspecified < tvOS 13.2 | tvOS 13.2 |
Apple
CVE-2019-8795: iOS 13.2 and iPadOS 13.2
vendor_apple·2019-10-28·CVSS 7.8
CVE-2019-8795 [HIGH] CVE-2019-8795: iOS 13.2 and iPadOS 13.2
Apple Security Update: About the security content of iOS 13.2 and iPadOS 13.2
Product: iOS 13.2 and iPadOS
Version: 13.2
CVE: CVE-2019-8795
Component: AVEVideoEncoder
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2019-8795: tvOS 13.2
vendor_apple·2019-10-28·CVSS 7.8
CVE-2019-8795 [HIGH] CVE-2019-8795: tvOS 13.2
Apple Security Update: About the security content of tvOS 13.2
Product: tvOS
Version: 13.2
CVE: CVE-2019-8795
Component: AVEVideoEncoder
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
GHSA
GHSA-8p93-r487-78qw: A memory corruption issue was addressed with improved memory handling
ghsa_unreviewed·2022-05-24
CVE-2019-8795 [HIGH] CWE-119 GHSA-8p93-r487-78qw: A memory corruption issue was addressed with improved memory handling
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2. An application may be able to execute arbitrary code with system privileges.
Project0
A survey of recent iOS kernel exploits - Project Zero
project_zero·2020-06-01
CVE-2016-7644 A survey of recent iOS kernel exploits - Project Zero
Posted by Brandon Azad, Project Zero
I recently found myself wishing for a single online reference providing a brief summary of the high-level exploit flow of every public iOS kernel exploit in recent years; since no such document existed, I decided to create it here.
This post summarizes original iOS kernel exploits from local app context targeting iOS 10 through iOS 13, focusing on the high-level exploit flow from the initial primitive granted by the vulnerability to kernel read/write. At the end of this post, we will briefly look at iOS kernel exploit mitigations (in both hardware and software) and how they map onto the techniques used in the exploits.
This isn't your typical P0 blog post: There is no gripping zero-day exploitation, or novel exploitation research, or thrilling mal
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-12-18
Published