CVE-2019-8646: Input Validation
Published Jul 22, 2019
·Updated
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.
Other sources
Siri. An out-of-bounds read was addressed with improved input validation.
Credit
natashenka(Google Project Zero), natashenka(Google Project Zero), natashenka(Google Project Zero), Natalie Silvanovich(Google Project Zero)
Affected Software
10 affected componentsFixes available
Apple tvOS<12.4
12.4
Apple macOS Mojave<10.14.6
10.14.6
Apple High Sierra
Apple Sierra
Apple WatchOS<5.3
5.3
Apple iOS<12.4
12.4
Apple iPhone OS<12.4
Apple iOS and macOS<10.14.6
Apple tvOS<12.4
Apple WatchOS<5.3
Event History
Dec 18, 2019
CVE Published
via MITRE·05:33 PM
Data Sourced
via MITRE·05:33 PM
DescriptionWeakness
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2019-9506
- CVE-2020-10135
- CVE-2019-8646
- CVE-2019-8647
- CVE-2019-8660
- CVE-2019-8702
- CVE-2018-16860
- CVE-2019-8668
- CVE-2019-13118
- CVE-2019-8698
- CVE-2019-8662
- CVE-2019-8657
- CVE-2019-8690
- CVE-2019-8649
- CVE-2019-8658
- CVE-2019-8644
- CVE-2019-8666
- CVE-2019-8669
- CVE-2019-8671
- CVE-2019-8672
- CVE-2019-8673
- CVE-2019-8676
- CVE-2019-8677
- CVE-2019-8678
- CVE-2019-8679
- CVE-2019-8680
- CVE-2019-8681
- CVE-2019-8683
- CVE-2019-8684
- CVE-2019-8685
- CVE-2019-8686
- CVE-2019-8687
- CVE-2019-8688
- CVE-2019-8689
- CVE-2019-8693
- CVE-2019-8656
- CVE-2018-19860
- CVE-2019-8661
- CVE-2019-8675
- CVE-2019-8696
- CVE-2019-8539
- CVE-2019-8697
- CVE-2019-8648
- CVE-2019-8663
- CVE-2019-8695
- CVE-2019-8691
- CVE-2019-8692
- CVE-2019-8694
- CVE-2019-8670
- CVE-2019-8701
- CVE-2019-8667
- CVE-2019-8624
- CVE-2019-8633
- CVE-2019-8659
- CVE-2019-8665
- CVE-2019-8682
- CVE-2019-8699
Frequently Asked Questions
1
What is CVE-2019-8646?
CVE-2019-8646 is a vulnerability in Siri that allows a remote attacker to leak memory.
2
What is the severity of CVE-2019-8646?
The severity of CVE-2019-8646 is high with a CVSS score of 7.5.
3
How can I fix CVE-2019-8646?
CVE-2019-8646 can be fixed by updating to the latest versions of iOS, macOS Mojave, tvOS, and watchOS.
4
Where can I find more information about CVE-2019-8646?
More information about CVE-2019-8646 can be found on the Apple support website.