First published: Mon Jul 22 2019(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution.
Credit: riusksk VulWar Corp working with Trend Microriusksk VulWar Corp working with Trend Microriusksk VulWar Corp working with Trend Microriusksk VulWar Corp working with Trend Micro product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPhone OS | <12.4 | |
Apple Mac OS X | <10.14.6 | |
Apple tvOS | <12.4 | |
Apple watchOS | <5.3 | |
Apple tvOS | <12.4 | 12.4 |
Apple macOS Mojave | <10.14.6 | 10.14.6 |
Apple High Sierra | ||
Apple Sierra | ||
Apple watchOS | <5.3 | 5.3 |
Apple iOS | <12.4 | 12.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2019-8657 is a vulnerability that allows for an out-of-bounds read, leading to unexpected application termination or arbitrary code execution.
The severity of CVE-2019-8657 is high, with a CVSS score of 8.8.
macOS Mojave 10.14.6, iOS 12.4, tvOS 12.4, and watchOS 5.3 are affected by CVE-2019-8657.
To fix CVE-2019-8657, it is recommended to update to iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, or watchOS 5.3.
You can find more information about CVE-2019-8657 on the following references: [link1], [link2], [link3].