CVE-2019-6214

HIGH

Apple Iphone OS < 12.1.3 - Type Confusion

Title source: rule

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmultiple

https://www.exploit-db.com/exploits/46298

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://www.securityfocus.com/bid/106739

[Vendor Advisory] https://support.apple.com/HT209443

[Vendor Advisory] https://support.apple.com/HT209446

[Vendor Advisory] https://support.apple.com/HT209447

[Vendor Advisory] https://support.apple.com/HT209448

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/46298/

Scores

CVSS v3 8.6

EPSS 0.0842

EPSS Percentile 92.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-843

Status published

Products (4)

apple/iphone_os < 12.1.3

apple/mac_os_x < 10.14.3

apple/tv_os < 12.1.2

apple/watchos < 5.1.3

Published Mar 05, 2019

Tracked Since Feb 18, 2026