CVE-2019-6215

HIGH

Apple Safari < 12.0.3 - Type Confusion

Title source: rule

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC
by Google Security Research · javascriptdosmultiple
https://www.exploit-db.com/exploits/46448

References (9)

Scores

CVSS v3 8.8
EPSS 0.3232
EPSS Percentile 96.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-843
Status published

Affected Products (8)

apple/safari < 12.0.3
apple/iphone_os < 12.1.3
apple/tvos < 12.1.2
apple/watchos < 5.1.3
apple/icloud < 7.10
apple/itunes < 12.9.3
canonical/ubuntu_linux
canonical/ubuntu_linux

Timeline

Published Mar 05, 2019
Tracked Since Feb 18, 2026