#VU17143 Out-of-bounds read in Apple iOS - CVE-2019-6200

Cybersecurity Help s.r.o.

Published: 2019-01-23 | Updated: 2019-01-29

Vulnerability identifier: #VU17143

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-6200

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apple iOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description
The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists due to out-of-bounds read in the Bluetooth component when handling malicious input. A remote authenticated attacker can supply specially crafted input and cause the service to crash.

Mitigation
Update to version 12.1.3.

Vulnerable software versions

Apple iOS: 12.0 16A366 - 12.0.1 16A404, 12.1 16B92 - 12.1.2 16C101

External links
https://support.apple.com/en-us/HT209443

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Apple macOS

Multiple vulnerabilities in Apple iOS