CVE-2019-6218

HIGH

Apple Iphone OS < 12.1.3 - Out-of-Bounds Write

Title source: rule

Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmultiple

https://www.exploit-db.com/exploits/46297

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106695

[Vendor Advisory] https://support.apple.com/HT209443

[Vendor Advisory] https://support.apple.com/HT209446

[Vendor Advisory] https://support.apple.com/HT209447

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/46297/

Scores

CVSS v3 7.8

EPSS 0.0645

EPSS Percentile 91.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (3)

apple/iphone_os < 12.1.3

apple/mac_os_x < 10.14.3

apple/tvos < 12.1.2

Published Mar 05, 2019

Tracked Since Feb 18, 2026