CVE-2019-8646

Name of the Vulnerable Software and Affected Versions iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 watchOS versions prior to 5.3

Description A remote attacker may be able to leak memory due to an out-of-bounds read issue. This issue was addressed with improved input validation. The vulnerability allows for remote file access and potentially other malicious activities. It is related to the decoding of certain classes, which were not properly validated, allowing for in-memory object manipulation.

Recommendations For iOS versions prior to 12.4, update to iOS 12.4 or later to fix the issue. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later to fix the issue. For tvOS versions prior to 12.4, update to tvOS 12.4 or later to fix the issue. For watchOS versions prior to 5.3, update to watchOS 5.3 or later to fix the issue. As a temporary workaround, consider restricting access to the iMessage service until the update is applied.