CVE-2019-8605

high-risk

Published 2019-12-18

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.

Do I need to act?

12.1% chance of exploitation in next 30 days

EPSS score — higher than 88% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

2 public exploits available

47409, 46892

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (4)

Iphone Os

Mac Os X

Tvos

Watchos

Affected Vendors

Apple

References (9)

Release Notes https://support.apple.com/HT210118

Release Notes https://support.apple.com/HT210119

Release Notes https://support.apple.com/HT210120

Release Notes https://support.apple.com/HT210122

Release Notes https://support.apple.com/HT210118

Release Notes https://support.apple.com/HT210119

Release Notes https://support.apple.com/HT210120

Release Notes https://support.apple.com/HT210122

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-...

/ 100

high-risk

Severity 24/34 · High

Exploitability 26/34 · High

Exposure 10/34 · Low