Use After Free Vulnerability in Apple Products
CVE-2019-8846

8.8HIGH

Key Information:

Vendor

Apple
Status
iOS And iPad OS
TV OS
Safari
Itunes For Windows
Vendor
CVE Published:
27 October 2020

What is CVE-2019-8846?

This vulnerability arises from a use after free condition associated with improper memory management in Apple's products. It allows attackers to craft malicious web content that may lead to arbitrary code execution, posing a significant risk to users. To mitigate potential exploitation, it is essential for users to update their devices with the latest software versions, as fixes have been applied in various Apple product updates.

Affected Version(s)

iCloud for Windows < 10.9

iCloud for Windows < 7.16

iOS and iPadOS < 13.3

References

https://support.apple.com/en-us/HT210785
x_refsource_MISC
https://support.apple.com/en-us/HT210790
x_refsource_MISC
https://support.apple.com/en-us/HT210793
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.