CVE-2019-8635: Double Free

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2019-8635.

Q: What is the severity of CVE-2019-8635?

The severity of CVE-2019-8635 is high with a CVSS score of 7.8.

Q: How does this vulnerability impact macOS Mojave?

This vulnerability can allow an application to execute arbitrary code with system privileges on macOS Mojave.

Q: How can I fix this vulnerability on macOS Mojave?

This vulnerability is fixed in macOS Mojave 10.14.5, so updating to this version will resolve the issue.

Q: Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the Apple Support website.

Published May 13, 2019

Updated

AMD. A memory corruption issue was addressed with improved memory handling.

Other sources

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.

Credit

Lilang Wu, Moony Li(TrendMicro Mobile Security Research Team working with Trend Micro)

Affected Software

4 affected componentsFixes available

Apple macOS Mojave<10.14.5

10.14.5

Apple High Sierra

Apple Sierra

Apple iOS and macOS<10.14.5

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT210119

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2019-8635.

What is the severity of CVE-2019-8635?

The severity of CVE-2019-8635 is high with a CVSS score of 7.8.

How does this vulnerability impact macOS Mojave?

This vulnerability can allow an application to execute arbitrary code with system privileges on macOS Mojave.

How can I fix this vulnerability on macOS Mojave?