APP: Apple iMessage NSKnownKeysDictionary1 Decoding Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Apple iMessage. A successful attack can lead to arbitrary code execution.

Extended Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Affected Products

Apple watchos

References

CVE: CVE-2019-8660

Short Name
APP:MISC:CVE-2019-8660-CE
Severity
Major
Recommended
True
Recommended Action
None
Category
APP
Keywords
Apple CVE-2019-8660 Code Decoding Execution NSKnownKeysDictionary1 Remote iMessage
Release Date
08/19/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Apple

CVSS Score

7.5

Found a potential security threat?