Buffer overflow in watchOS - CVE-2019-8747
Published: December 18, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30529
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-8747
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
watchOS
watchOS
Detailed vulnerability description
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges.
How to mitigate CVE-2019-8747
Install update from vendor's website.