CVE-2019-6213

HIGH

iPhone OS < 12.1.3 - Remote Code Execution via Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-6213. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a kernel heap overflow in MacOS/iOS PF_KEY due to lack of bounds checking in the `key_getsastatbyspi` function. It triggers the vulnerability by sending multiple SADB_GETSASTAT requests for a valid SPI, causing a buffer overflow.

Description

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmultiple

https://www.exploit-db.com/exploits/46300

View Code ZIP pw:eip

This exploit demonstrates a kernel heap overflow in MacOS/iOS PF_KEY due to lack of bounds checking in the `key_getsastatbyspi` function. It triggers the vulnerability by sending multiple SADB_GETSASTAT requests for a valid SPI, causing a buffer overflow.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: MacOS 10.14.2 (18C54) and potentially other versions with PF_KEY implementation

No auth needed

Prerequisites: Valid SA with a known SPI (e.g., 0x41414141) must be loaded prior to exploitation

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT209446

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT209443

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT209448

Third Party Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106739

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46300/

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT209447

Scores

CVSS v3 7.8

EPSS 0.0434

EPSS Percentile 89.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (4)

apple/iphone_os < 12.1.3

apple/mac_os_x < 10.14.3

apple/tv_os < 12.1.2

apple/watchos < 5.1.3

Published Mar 05, 2019

Tracked Since Feb 18, 2026