CVE-2019-8661: Use After Free

Q: What is CVE-2019-8661?

CVE-2019-8661 is a use after free vulnerability in Carbon Core that allows a remote attacker to execute arbitrary code.

Q: What is the severity of CVE-2019-8661?

CVE-2019-8661 has a severity rating of 9.8 (Critical).

Q: Which versions of macOS are affected by CVE-2019-8661?

CVE-2019-8661 affects macOS Mojave 10.14.6 and earlier versions.

Q: How was CVE-2019-8661 fixed?

The issue was addressed with improved memory management in macOS Mojave 10.14.6.

Q: Where can I find more information about CVE-2019-8661?

You can find more information about CVE-2019-8661 on the Apple support page at https://support.apple.com/HT210348.

Published Jul 22, 2019

Updated

Carbon Core. A use after free issue was addressed with improved memory management.

Other sources

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to cause arbitrary code execution.

Credit

natashenka(Google Project Zero)

Affected Software

4 affected componentsFixes available

Apple macOS Mojave<10.14.6

10.14.6

Apple High Sierra

Apple Sierra

Apple iOS and macOS<10.14.6

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT210348

Frequently Asked Questions

What is CVE-2019-8661?

CVE-2019-8661 is a use after free vulnerability in Carbon Core that allows a remote attacker to execute arbitrary code.

What is the severity of CVE-2019-8661?

CVE-2019-8661 has a severity rating of 9.8 (Critical).

Which versions of macOS are affected by CVE-2019-8661?

CVE-2019-8661 affects macOS Mojave 10.14.6 and earlier versions.

How was CVE-2019-8661 fixed?