Out-of-Bounds Read Vulnerability in Xcode by Apple
CVE-2019-8840

8.8HIGH

Key Information:

Vendor: Apple
Status: Xcode
Vendor: CVE Published:; 27 October 2020

What is CVE-2019-8840?

An out-of-bounds read vulnerability was found in Xcode, posing risks when compiling code from untrusted sources. If exploited, this vulnerability allows attackers to execute arbitrary code with user privileges, potentially compromising system integrity. Apple has addressed this issue with enhanced bounds checking in Xcode version 11.3 to prevent such exploits.

Affected Version(s)

Xcode < 11.3

References

https://support.apple.com/en-us/HT210796

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2020
Vulnerability Reserved
Feb 18, 2019