CVE-2019-6205

HIGH

Apple Iphone OS < 12.1.3 - Out-of-Bounds Write

Title source: rule

Description

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmultiple

https://www.exploit-db.com/exploits/46299

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://www.securityfocus.com/bid/106695

[Vendor Advisory] https://support.apple.com/HT209443

[Vendor Advisory] https://support.apple.com/HT209446

[Vendor Advisory] https://support.apple.com/HT209447

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/46299/

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/156051/XNU-vm_map_copy-Insufficient-Fix.html

Scores

CVSS v3 7.8

EPSS 0.0873

EPSS Percentile 92.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (3)

apple/iphone_os < 12.1.3

apple/mac_os_x < 10.14.3

apple/tvos < 12.1.2

Published Mar 05, 2019

Tracked Since Feb 18, 2026