CVE-2019-9536

Summary

Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.

Affected Software

VendorProductVersion RangeStatus
AppleiPhone3GSaffected

Weaknesses

  • insecure malloc implementation

ADP Enrichment

CVE Program Container

Additional References

References