SB2019121838 - Multiple vulnerabilities in Apple watchOS




Published: December 18, 2019
Updated: July 17, 2020

Security Bulletin ID: SB2019121838
Severity: High
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 50%, Low: 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2019-8747)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges.


2) Buffer overflow (CVE-ID: CVE-2019-8750)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Multiple issues in libxslt.


Remediation

Install the update from the vendor's website.