CVE-2019-6205
HIGH
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2 - Out-of-bounds Write
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-6205. PoCs published by Google Security Research.
AI-analyzed exploit summary: This PoC exploits a race condition in XNU's vm_map_copyin_internal function, leading to a TOCTOU issue where anonymous memory entries can be moved non-atomically, violating Mach message OOL memory semantics. The exploit demonstrates this by sending overlapping Mach messages to trigger the vulnerability.
Description
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
Scores
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H