CVE-2019-8646 – iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects
https://notcve.org/view.php?id=CVE-2019-8646
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory. Una lectura fuera de límites fue abordada con una comprobación de entrada mejorada. Este problema es corregido en iOS versión 12.4, macOS Mojave versión 10.14.6, tvOS versión 12.4, watchOS versión 5.3. • https://www.exploit-db.com/exploits/47194 https://support.apple.com/HT210346 https://support.apple.com/HT210348 https://support.apple.com/HT210351 https://support.apple.com/HT210353 • CWE-125: Out-of-bounds Read •
CVE-2019-8662 – iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
https://notcve.org/view.php?id=CVE-2019-8662
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary. Este problema fue abordado con comprobaciones mejoradas. Este problema es corregido en iOS versión 12.4, macOS Mojave versión 10.14.6, tvOS versión 12.4, watchOS versión 5.3. • https://www.exploit-db.com/exploits/47608 https://www.exploit-db.com/exploits/47189 https://support.apple.com/HT210346 https://support.apple.com/HT210348 https://support.apple.com/HT210351 https://support.apple.com/HT210353 • CWE-416: Use After Free CWE-502: Deserialization of Untrusted Data •
CVE-2019-8573
https://notcve.org/view.php?id=CVE-2019-8573
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service. Se abordó un problema de comprobación de entrada con una comprobación de entrada mejorada. Este problema se corrigió en macOS Mojave versión 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS versión 12.3, watchOS versión 5.2.1. • https://support.apple.com/en-us/HT210118 https://support.apple.com/en-us/HT210119 https://support.apple.com/en-us/HT210122 • CWE-20: Improper Input Validation •
CVE-2019-8635 – Apple macOS AMDRadeonX4000_AMDSIGLContext Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8635
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en macOS Mojave versión 10.14.5. • https://support.apple.com/HT210119 • CWE-415: Double Free CWE-787: Out-of-bounds Write •
CVE-2019-8616 – Apple macOS IOAccelSharedUserClient2 Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8616
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en macOS Mojave versión 10.14.5. • https://support.apple.com/HT210119 • CWE-787: Out-of-bounds Write •