CVE-2019-8648: Input Validation
First published: Mon Jul 22 2019(Updated: )
FaceTime. A memory corruption issue was addressed with improved input validation.
Credit: Tao Huang Tielei Wang Team PanguTao Huang Tielei Wang Team PanguTao Huang Tielei Wang Team Pangu product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPhone OS | <12.4 | |
| Apple Mac OS X | <10.14.6 | |
| Apple tvOS | <12.4 | |
| Apple watchOS | <5.3 | |
| Apple macOS Mojave | <10.14.6 | 10.14.6 |
| Apple High Sierra | ||
| Apple Sierra | ||
| Apple watchOS | <5.3 | 5.3 |
| Apple iOS | <12.4 | 12.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-9506
- CVE-2020-10135
- CVE-2019-8646
- CVE-2019-8647
- CVE-2019-8660
- CVE-2019-8624
- CVE-2019-8648
- CVE-2018-16860
- CVE-2019-8668
- CVE-2019-8633
- CVE-2019-13118
- CVE-2019-8659
- CVE-2019-8665
- CVE-2019-8662
- CVE-2019-8657
- CVE-2019-8682
- CVE-2019-8658
- CVE-2019-8669
- CVE-2019-8672
- CVE-2019-8676
- CVE-2019-8683
- CVE-2019-8684
- CVE-2019-8685
- CVE-2019-8688
- CVE-2019-8689
- CVE-2019-8693
- CVE-2019-8656
- CVE-2018-19860
- CVE-2019-8661
- CVE-2019-8675
- CVE-2019-8696
- CVE-2019-8539
- CVE-2019-8697
- CVE-2019-8663
- CVE-2019-8702
- CVE-2019-8695
- CVE-2019-8691
- CVE-2019-8692
- CVE-2019-8694
- CVE-2019-8670
- CVE-2019-8701
- CVE-2019-8667
- CVE-2019-8690
- CVE-2019-8649
- CVE-2019-8644
- CVE-2019-8666
- CVE-2019-8671
- CVE-2019-8673
- CVE-2019-8677
- CVE-2019-8678
- CVE-2019-8679
- CVE-2019-8680
- CVE-2019-8681
- CVE-2019-8686
- CVE-2019-8687
- CVE-2019-8698
- CVE-2019-8699
Frequently Asked Questions
What is CVE-2019-8648?
CVE-2019-8648 is a memory corruption vulnerability in FaceTime that allows a remote attacker to execute arbitrary code.
What is the severity of CVE-2019-8648?
CVE-2019-8648 has a severity rating of 9.8 (Critical).
How does Apple address CVE-2019-8648?
Apple has fixed the vulnerability with improved input validation in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, and watchOS 5.3.
Is my device affected by CVE-2019-8648?
If you are using iOS versions up to but not including 12.4, macOS Mojave versions up to but not including 10.14.6, tvOS versions up to but not including 12.4, or watchOS versions up to but not including 5.3, your device may be affected.
Where can I find more information about CVE-2019-8648?
You can find more information about CVE-2019-8648 on the Apple Support website: [1] [2] [3].
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/event
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple watchos
- canonical/apple macos mojave
- canonical/apple high sierra
- canonical/apple sierra
- canonical/apple iphone os
- canonical/apple mac os x
- canonical/apple tvos
- canonical/apple ios