CVE-2019-8662
CRITICAL WAF: Medium
CVSS 9.8
Published: 2019-12-18
CWE-502
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.
WAF Coverage Analysis
Insecure Deserialization
Medium WAF Coverage
OWASP: A08:2021 Software and Data Integrity Failures
944xxx - Java Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| apple | iphone_os | up to 12.4 |
| apple | mac_os_x | up to 10.14.6 |
| apple | tvos | up to 12.4 |
| apple | watchos | up to 5.3 |
References
- support.apple.com (Vendor Advisory)
- support.apple.com (Vendor Advisory)
- support.apple.com (Vendor Advisory)
- support.apple.com (Vendor Advisory)