CVE-2019-8820

HIGH

Apple Icloud < 7.15 - Out-of-Bounds Write

Title source: rule

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/47590

View Code ZIP pw:eip

References (8)

[Vendor Advisory] https://support.apple.com/HT210724

[Vendor Advisory] https://support.apple.com/HT210727

[Vendor Advisory] https://support.apple.com/HT210721

[Vendor Advisory] https://support.apple.com/HT210726

[Vendor Advisory] https://support.apple.com/HT210723

[Vendor Advisory] https://support.apple.com/HT210728

[Vendor Advisory] https://support.apple.com/HT210725

[Third Party Advisory] https://security.gentoo.org/glsa/202003-22

Scores

CVSS v3 8.8

EPSS 0.0653

EPSS Percentile 91.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (7)

apple/icloud < 7.15

apple/ipados < 13.2

apple/iphone_os < 13.2

apple/itunes < 12.10.2

apple/safari < 13.0.3

apple/tvos < 13.2

apple/watchos < 6.1

Published Dec 18, 2019

Tracked Since Feb 18, 2026