ID CVE-2019-8665 Type cve Reporter cve@mitre.org Modified 2019-12-19T20:58:00
Description
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination.
{"apple": [{"lastseen": "2020-12-24T20:42:48", "bulletinFamily": "software", "cvelist": ["CVE-2020-10135", "CVE-2019-8648", "CVE-2019-8669", "CVE-2019-8633", "CVE-2019-8682", "CVE-2019-8688", "CVE-2019-8665", "CVE-2018-16860", "CVE-2019-9506", "CVE-2019-8647", "CVE-2019-8624", "CVE-2019-8672", "CVE-2019-8660", "CVE-2019-8658", "CVE-2019-8676", "CVE-2019-13118", "CVE-2019-8659", "CVE-2019-8683", "CVE-2019-8646", "CVE-2019-8668", "CVE-2019-8684", "CVE-2019-8689", "CVE-2019-8685", "CVE-2019-8662", "CVE-2019-8657"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 5.3\n\nReleased July 22, 2019\n\n**Bluetooth**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England\n\nThe changes for this issue mitigate CVE-2020-10135.\n\nEntry added August 13, 2019, updated June 25, 2020 \n\n**Core Data**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2019-8646: Natalie Silvanovich of Google Project Zero\n\n**Core Data**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2019-8647: Samuel Gro\u00df and Natalie Silvanovich of Google Project Zero\n\n**Core Data**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2019-8660: Samuel Gro\u00df and Natalie Silvanovich of Google Project Zero\n\n**Digital Touch**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2019-8624: Natalie Silvanovich of Google Project Zero\n\n**FaceTime**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu\n\n**Heimdal**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services\n\nDescription: This issue was addressed with improved checks to prevent unauthorized actions.\n\nCVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst\n\n**Image Processing**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2019-8668: an anonymous researcher\n\nEntry added October 8, 2019\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2019-8633: Zhuo Liang of Qihoo 360 Vulcan Team\n\nEntry added September 17, 2019\n\n**libxslt**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to view sensitive information\n\nDescription: A stack overflow was addressed with improved input validation.\n\nCVE-2019-13118: found by OSS-Fuzz\n\n**Messages**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Users removed from an iMessage conversation may still be able to alter state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8659: Ryan Kontos (@ryanjkontos), Will Christensen of University of Oregon\n\n**Messages**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may cause an unexpected application termination\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2019-8665: Michael Hernandez of XYZ Marketing\n\n**Quick Look**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8662: Natalie Silvanovich and Samuel Gro\u00df of Google Project Zero\n\n**Siri**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2019-8646: Natalie Silvanovich of Google Project Zero\n\n**UIFoundation**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative\n\n**Wallet**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A user may inadvertently complete an in-app purchase while on the lock screen\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2019-8682: Jeff Braswell (JeffBraswell.com)\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative\n\nCVE-2019-8672: Samuel Gro\u00df of Google Project Zero\n\nCVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech\n\nCVE-2019-8683: lokihardt of Google Project Zero\n\nCVE-2019-8684: lokihardt of Google Project Zero\n\nCVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL\n\nCVE-2019-8688: Insu Yun of SSLab at Georgia Tech\n\nCVE-2019-8689: lokihardt of Google Project Zero\n\n\n\n## Additional recognition\n\n**MobileInstallation**\n\nWe would like to acknowledge Dany Lisiansky (@DanyL931) for their assistance.\n", "edition": 3, "modified": "2020-06-25T07:44:38", "published": "2020-06-25T07:44:38", "id": "APPLE:HT210353", "href": "https://support.apple.com/kb/HT210353", "title": "About the security content of watchOS 5.3 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:50", "bulletinFamily": "software", "cvelist": ["CVE-2020-10135", "CVE-2019-8663", "CVE-2019-8648", "CVE-2019-8681", "CVE-2019-8669", "CVE-2019-8702", "CVE-2019-8677", "CVE-2019-8649", "CVE-2019-8682", "CVE-2019-8688", "CVE-2019-8665", "CVE-2018-16860", "CVE-2019-9506", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8673", "CVE-2019-8647", "CVE-2019-8687", "CVE-2019-8672", "CVE-2019-8660", "CVE-2019-8658", "CVE-2019-8678", "CVE-2019-8699", "CVE-2019-8676", "CVE-2019-8686", "CVE-2019-13118", "CVE-2019-8644", "CVE-2019-8683", "CVE-2019-8671", "CVE-2019-8646", "CVE-2019-8690", "CVE-2019-8698", "CVE-2019-8668", "CVE-2019-8684", "CVE-2019-8689", "CVE-2019-8685", "CVE-2019-8662", "CVE-2019-8657", "CVE-2019-8666"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 12.4\n\nReleased July 22, 2019\n\n**Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England\n\nThe changes for this issue mitigate CVE-2020-10135.\n\nEntry added August 13, 2019, updated June 25, 2020 \n\n**Core Data**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2019-8646: Natalie Silvanovich of Google Project Zero\n\n**Core Data**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2019-8647: Samuel Gro\u00df and Natalie Silvanovich of Google Project Zero\n\n**Core Data**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2019-8660: Samuel Gro\u00df and Natalie Silvanovich of Google Project Zero\n\n**FaceTime**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu\n\n**Found in Apps**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8663: Natalie Silvanovich of Google Project Zero\n\n**Game Center**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: A local user may be able to read a persistent account identifier\n\nDescription: This issue was addressed with a new entitlement.\n\nCVE-2019-8702: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\nEntry added February 24, 2020\n\n**Heimdal**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services\n\nDescription: This issue was addressed with improved checks to prevent unauthorized actions.\n\nCVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst\n\n**Image Processing**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2019-8668: an anonymous researcher\n\nEntry added October 8, 2019\n\n**libxslt**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: A remote attacker may be able to view sensitive information\n\nDescription: A stack overflow was addressed with improved input validation.\n\nCVE-2019-13118: found by OSS-Fuzz\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: A remote attacker may cause an unexpected application termination\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2019-8665: Michael Hernandez of XYZ Marketing\n\n**Profiles**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: A malicious application may be able to restrict access to websites\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2019-8698: Luke Deshotels, Jordan Beichler, and William Enck of North Carolina State University; Costin Caraba\u0219 and R\u0103zvan Deaconescu of University POLITEHNICA of Bucharest\n\n**Quick Look**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8662: Natalie Silvanovich and Samuel Gro\u00df of Google Project Zero\n\n**Siri**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2019-8646: Natalie Silvanovich of Google Project Zero\n\n**Telephony**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: The initiator of a phone call may be able to cause the recipient to answer a simultaneous Walkie-Talkie connection\n\nDescription: A logic issue existed in the answering of phone calls. The issue was addressed with improved state management.\n\nCVE-2019-8699: Marius Alexandru Boeru (@mboeru) and an anonymous researcher\n\nEntry updated July 25, 2019\n\n**UIFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative\n\n**Wallet**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: A user may inadvertently complete an in-app purchase while on the lock screen\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2019-8682: Jeff Braswell (JeffBraswell.com)\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of document loads. This issue was addressed with improved state management.\n\nCVE-2019-8690: Sergei Glazunov of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management.\n\nCVE-2019-8649: Sergei Glazunov of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-8644: G. Geshev working with Trend Micro's Zero Day Initiative\n\nCVE-2019-8666: Zongming Wang (\u738b\u5b97\u660e) and Zhe Jin (\u91d1\u54f2) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.\n\nCVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative\n\nCVE-2019-8671: Apple\n\nCVE-2019-8672: Samuel Gro\u00df of Google Project Zero\n\nCVE-2019-8673: Soyeon Park and Wen Xu of SSLab at Georgia Tech\n\nCVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech\n\nCVE-2019-8677: Jihui Lu of Tencent KeenLab\n\nCVE-2019-8678: Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu (@straight_blast) of VX Browser Exploitation Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan_h0) of Knownsec, Byron Wai of VX Browser Exploitation, P1umer of ADLab of Venustech\n\nCVE-2019-8679: Jihui Lu of Tencent KeenLab\n\nCVE-2019-8680: Jihui Lu of Tencent KeenLab\n\nCVE-2019-8681: G. Geshev working with Trend Micro Zero Day Initiative\n\nCVE-2019-8683: lokihardt of Google Project Zero\n\nCVE-2019-8684: lokihardt of Google Project Zero\n\nCVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL\n\nCVE-2019-8686: G. Geshev working with Trend Micro's Zero Day Initiative\n\nCVE-2019-8687: Apple\n\nCVE-2019-8688: Insu Yun of SSLab at Georgia Tech\n\nCVE-2019-8689: lokihardt of Google Project Zero\n\nEntry updated September 11, 2019\n\n\n\n## Additional recognition\n\n**Game Center**\n\nWe would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. for their assistance.\n\n**MobileInstallation**\n\nWe would like to acknowledge Dany Lisiansky (@DanyL931) for their assistance.\n", "edition": 3, "modified": "2020-06-25T07:44:38", "published": "2020-06-25T07:44:38", "id": "APPLE:HT210346", "href": "https://support.apple.com/kb/HT210346", "title": "About the security content of iOS 12.4 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
