CVE-2019-6208

MEDIUM

iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2 - Memory Corruption via Improper Initialization

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-6208. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit demonstrates a copy-on-write (COW) vulnerability in XNU (CVE-2019-6208) where file truncation fails to properly invalidate shared memory mappings, allowing a process to modify memory visible to another process. The PoC includes a Mach IPC-based test case to show the issue in inter-process communication.

Description

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · cdosmacos
https://www.exploit-db.com/exploits/46296

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Apple XNU kernel (macOS 10.14.1 and earlier)
No auth needed
Prerequisites: Local access to a vulnerable macOS system · Ability to compile and execute C code
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106695
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT209446
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT209443
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46296/
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT209447

Scores

CVSS v3 5.5
EPSS 0.0613
EPSS Percentile 91.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-665
Status published
Products (3)
apple/iphone_os < 12.1.3
apple/mac_os_x < 10.14.3
apple/tv_os < 12.1.2
Published Mar 05, 2019
Tracked Since Feb 18, 2026