CVE-2019-6209

MEDIUM

iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2, watchOS < 5.1.3 - Out-of-bounds Read

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-6209. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages an uninitialized stack memory disclosure vulnerability in macOS 10.13.4-10.13.6. By manipulating the 'SleepWakeUUID' property and triggering the `if_ports_used_update_wakeuuid()` function, uninitialized kernel stack data is copied into a sysctl variable, allowing userspace read access.

Description

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmultiple

https://www.exploit-db.com/exploits/46285

View Code ZIP pw:eip

This exploit leverages an uninitialized stack memory disclosure vulnerability in macOS 10.13.4-10.13.6. By manipulating the 'SleepWakeUUID' property and triggering the `if_ports_used_update_wakeuuid()` function, uninitialized kernel stack data is copied into a sysctl variable, allowing userspace read access.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: macOS 10.13.4 to 10.13.6

No auth needed

Prerequisites: Physical or remote access to trigger sleep/wake cycle · Ability to set the 'SleepWakeUUID' property

MITRE ATT&CK

T1069 - Permission Groups Discovery T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT209446

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT209443

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46285/

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT209448

Third Party Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106739

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT209447

Scores

CVSS v3 5.5

EPSS 0.0478

EPSS Percentile 89.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-125

Status published

Products (4)

apple/iphone_os < 12.1.3

apple/mac_os_x < 10.14.3

apple/tv_os < 12.1.2

apple/watchos < 5.1.3

Published Mar 05, 2019

Tracked Since Feb 18, 2026