First published: Mon Jul 22 2019(Updated: )
Core Data. A use after free issue was addressed with improved memory management.
Credit: Samuel Groß natashenka Google Project ZeroSamuel Groß natashenka Google Project ZeroSamuel Groß Natalie Silvanovich Google Project Zero product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPhone OS | <12.4 | |
Apple tvOS | <12.4 | |
Apple watchOS | <5.3 | |
Apple tvOS | <12.4 | 12.4 |
Apple watchOS | <5.3 | 5.3 |
Apple iOS | <12.4 | 12.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2019-8647 is a use after free vulnerability in Core Data that allows remote attackers to execute arbitrary code.
CVE-2019-8647 affects iOS versions up to, but not including, 12.4.
CVE-2019-8647 affects tvOS versions up to, but not including, 12.4.
CVE-2019-8647 affects watchOS versions up to, but not including, 5.3.
To fix CVE-2019-8647, update your iOS device to version 12.4 or later, tvOS device to version 12.4 or later, or watchOS device to version 5.3 or later.