CVE-2019-9536 MEDIUM

CVE-2019-9536

Vendor Apple
Product iPhone
Published November 22, 2019
Last update August 4, 2024

CVSS base score

6.1/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.

Key dates

02Disclosure timeline

November 22, 2019 CVE published
August 4, 2024 Record updated