CVE-2019-6209

MEDIUM

Apple Iphone OS < 12.1.3 - Out-of-Bounds Read

Title source: rule

Description

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmultiple

https://www.exploit-db.com/exploits/46285

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://www.securityfocus.com/bid/106739

[Vendor Advisory] https://support.apple.com/HT209443

[Vendor Advisory] https://support.apple.com/HT209446

[Vendor Advisory] https://support.apple.com/HT209447

[Vendor Advisory] https://support.apple.com/HT209448

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/46285/

Scores

CVSS v3 5.5

EPSS 0.0478

EPSS Percentile 89.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-125

Status published

Products (4)

apple/iphone_os < 12.1.3

apple/mac_os_x < 10.14.3

apple/tv_os < 12.1.2

apple/watchos < 5.1.3

Published Mar 05, 2019

Tracked Since Feb 18, 2026