Details of VAR-201912-0628

ID

VAR-201912-0628

CVE

CVE-2019-8624

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-006634

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 5.3. A remote attacker may be able to leak memory. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Insufficient access restrictions * information leak * Service operation interruption (DoS) * Information falsification * Privilege escalation * Sandbox avoidance. Apple watchOS is prone to the following security vulnerabilities: 1. An information-disclosure vulnerability. 2. An security-bypass vulnerability. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions and perform unauthorized actions. Apple watchOS is a smart watch operating system developed by Apple (Apple). Digital Touch is one of the touch drawing components. A buffer error vulnerability exists in the Digital Touch component in versions of Apple watchOS prior to 5.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 watchOS 5.3 addresses the following: Bluetooth Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England Entry added August 13, 2019 Core Data Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project Zero Core Data Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero Digital Touch Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8624: Natalie Silvanovich of Google Project Zero FaceTime Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Foundation Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Heimdal Available for: Apple Watch Series 1 and later Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst libxslt Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-13118: found by OSS-Fuzz Messages Available for: Apple Watch Series 1 and later Impact: Users removed from an iMessage conversation may still be able to alter state Description: This issue was addressed with improved checks. CVE-2019-8659: Ryan Kontos (@ryanjkontos), Will Christensen of University of Oregon Messages Available for: Apple Watch Series 1 and later Impact: A remote attacker may cause an unexpected application termination Description: A denial of service issue was addressed with improved validation. CVE-2019-8665: Michael Hernandez of XYZ Marketing Quick Look Available for: Apple Watch Series 1 and later Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Siri Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero UIFoundation Available for: Apple Watch Series 1 and later Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Wallet Available for: Apple Watch Series 1 and later Impact: A user may inadvertently complete an in-app purchase while on the lock screen Description: The issue was addressed with improved UI handling. CVE-2019-8682: Jeff Braswell (JeffBraswell.com) WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative CVE-2019-8672: Samuel Groß of Google Project Zero CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech CVE-2019-8683: lokihardt of Google Project Zero CVE-2019-8684: lokihardt of Google Project Zero CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL CVE-2019-8688: Insu Yun of SSLab at Georgia Tech CVE-2019-8689: lokihardt of Google Project Zero Additional recognition MobileInstallation We would like to acknowledge Dany Lisiansky (@DanyL931) for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GHOxAA qFjks9IgHJdUoeXnf9JQR6LALFQ9M2N7ud2bj3MXxLYOB5f14g04BV/ZTlrl7CrV yjhnjegcMeOTE5XEDRZcSNDuPFUc793pT04+fUqP88Bf/X/8/0D5LA5tRlce1CUr +2aqVJJezJPwUySPpqiKu+GnYvgU6SXxqdWYBV2+FgG2ws0p4CP40fQohJDYgHvY snIe+a46dFg0kywV2DXvWI36fPI1G0Hjwr9XBsbigDzqp7zxNbkwb9rzZiLSO7Us 7Vp9a854IFD7wVShiRufhroP73vKv8qteXH+EUZbubRzZG6j7jyXS74LuNyDi5qW bk+u+yQRnyQQuKJDzy7mJSFgpb6nDFP/ncEIpfrKPXknGuIEO0oqPCUGfNJ5Alq5 Mc2ICPXYKlJQJAA1DgresRaZdpBj2ZE558s6m921R38IB3MAIUyNoiXOnnkNDTp4 vQHSZasbzDkfwjUQsMCX/F8CLsUTWx4vj0RQgqNEQL+um/EdAD1KQZmHkBSyeTyr F74d4tsqO2HoYlPKFtWWNQ7V6Qx37ShrqWrKsoysl8xbCjMYyc0u6IoqsGqNeAUN uTlMUtE3TiaU0Qib/3p+GjUOgnsrhPZrGakzAFw3ntMmt6khhLulN/+MBjibpRyY H2IDW4YapNacIlp47W6AzaEcVZRprCphtiI28u5P2DU= =Mdjp -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2019-8624 // JVNDB: JVNDB-2019-006634 // BID: 109340 // VULHUB: VHN-160059 // PACKETSTORM: 153726 // PACKETSTORM: 154056

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lt	version:	5.3	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 10.6 earlier	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.13 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.4 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.9.6 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2019-004 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.6 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2019-004 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1.2 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.4 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.3 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	5.1.3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	5.1.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.2.3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	12.4	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	ne	version:	5.3	Trust: 0.3

sources: BID: 109340 // JVNDB: JVNDB-2019-006634 // NVD: CVE-2019-8624

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8624
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201907-1246
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160059
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8624
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-160059
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8624
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-160059 // CNNVD: CNNVD-201907-1246 // NVD: CVE-2019-8624

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.1

sources: VULHUB: VHN-160059 // NVD: CVE-2019-8624

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1246

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1246

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006634

PATCH

title:	About the security content of iCloud for Windows 7.13	url:	https://support.apple.com/en-us/HT210357	Trust: 0.8
title:	About the security content of iCloud for Windows 10.6	url:	https://support.apple.com/en-us/HT210358	Trust: 0.8
title:	About the security content of iOS 12.4	url:	https://support.apple.com/en-us/HT210346	Trust: 0.8
title:	About the security content of tvOS 12.4	url:	https://support.apple.com/en-us/HT210351	Trust: 0.8
title:	About the security content of Safari 12.1.2	url:	https://support.apple.com/en-us/HT210355	Trust: 0.8
title:	About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra	url:	https://support.apple.com/en-us/HT210348	Trust: 0.8
title:	About the security content of watchOS 5.3	url:	https://support.apple.com/en-us/HT210353	Trust: 0.8
title:	About the security content of iTunes 12.9.6 for Windows	url:	https://support.apple.com/en-us/HT210356	Trust: 0.8
title:	Apple watchOS Digital Touch Fix for component buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95413	Trust: 0.6

sources: JVNDB: JVNDB-2019-006634 // CNNVD: CNNVD-201907-1246

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8624	Trust: 3.0
db:	BID	id:	109340	Trust: 0.9
db:	JVN	id:	JVNVU93368270	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-006634	Trust: 0.8
db:	PACKETSTORM	id:	153764	Trust: 0.7
db:	CNNVD	id:	CNNVD-201907-1246	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2745	Trust: 0.6
db:	EXPLOIT-DB	id:	47158	Trust: 0.6
db:	VULHUB	id:	VHN-160059	Trust: 0.1
db:	PACKETSTORM	id:	153726	Trust: 0.1
db:	PACKETSTORM	id:	154056	Trust: 0.1

sources: VULHUB: VHN-160059 // BID: 109340 // JVNDB: JVNDB-2019-006634 // PACKETSTORM: 153726 // PACKETSTORM: 154056 // CNNVD: CNNVD-201907-1246 // NVD: CVE-2019-8624

REFERENCES

url:	https://support.apple.com/ht210353	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8624	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8662	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8688	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8669	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8689	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8682	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8660	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8672	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8683	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8659	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8676	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8684	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8648	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8685	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8647	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8657	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8665	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8646	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8658	Trust: 1.0
url:	https://www.apple.com/	Trust: 0.9
url:	http://www.apple.com/watchos-2/	Trust: 0.9
url:	https://lists.apple.com/archives/security-announce/2019/jul/msg00003.html	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8669	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8648	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8680	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8688	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8692	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8699	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8671	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8647	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8681	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8689	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8691	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8667	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8672	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8646	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8682	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8690	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8670	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8624	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8665	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8673	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8683	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8693	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8644	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8663	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8662	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8676	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8684	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8694	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8649	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8661	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8677	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8685	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8695	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8657	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8660	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8678	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8686	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8697	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8658	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8659	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8679	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8687	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8698	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8666	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93368270/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8679	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8663	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8687	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8698	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8666	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8680	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8699	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8681	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8661	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8671	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8692	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8690	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8673	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8691	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8693	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8644	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8670	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8694	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8649	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8677	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8667	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8695	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8678	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8686	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8697	Trust: 0.8
url:	https://support.apple.com/en-au/ht210353	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2745/	Trust: 0.6
url:	https://support.apple.com/en-us/ht210353	Trust: 0.6
url:	https://www.exploit-db.com/exploits/47158	Trust: 0.6
url:	https://packetstormsecurity.com/files/153764/imessage-digitaltouch-out-of-bounds-read.html	Trust: 0.6
url:	https://www.securityfocus.com/bid/109340	Trust: 0.6
url:	https://support.apple.com/kb/ht204641	Trust: 0.2
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16860	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13118	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8641	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9506	Trust: 0.1

sources: VULHUB: VHN-160059 // BID: 109340 // JVNDB: JVNDB-2019-006634 // PACKETSTORM: 153726 // PACKETSTORM: 154056 // CNNVD: CNNVD-201907-1246 // NVD: CVE-2019-8624

CREDITS

Google Security Research, Will Christensen of University of Oregon,Natalie Silvanovich of Google Project Zero and Ryan Kontos ,Natalie Silvanovich of Google Project Zero and Ryan Kontos (@ryanjkontos)

Trust: 0.6

sources: CNNVD: CNNVD-201907-1246

SOURCES

db:	VULHUB	id:	VHN-160059
db:	BID	id:	109340
db:	JVNDB	id:	JVNDB-2019-006634
db:	PACKETSTORM	id:	153726
db:	PACKETSTORM	id:	154056
db:	CNNVD	id:	CNNVD-201907-1246
db:	NVD	id:	CVE-2019-8624

LAST UPDATE DATE

2024-08-14T13:17:29.696000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160059	date:	2019-12-20T00:00:00
db:	BID	id:	109340	date:	2019-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-006634	date:	2020-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201907-1246	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2019-8624	date:	2019-12-20T17:33:35.007

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160059	date:	2019-12-18T00:00:00
db:	BID	id:	109340	date:	2019-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-006634	date:	2019-07-24T00:00:00
db:	PACKETSTORM	id:	153726	date:	2019-07-23T02:22:22
db:	PACKETSTORM	id:	154056	date:	2019-08-14T20:32:22
db:	CNNVD	id:	CNNVD-201907-1246	date:	2019-07-23T00:00:00
db:	NVD	id:	CVE-2019-8624	date:	2019-12-18T18:15:30.100