CVE-2019-6225

HIGH

iPhone OS < 12.1.3 - Memory Corruption via Improved Validation

Title source: llm

Exploitation Summary

EIP tracks 6 public exploits for CVE-2019-6225. PoCs published by Google Security Research, fatgrass, TrungNguyen1909.

AI-analyzed exploit summary: This is a detailed writeup explaining the MIG semantics vulnerability in task_swap_mach_voucher() leading to a use-after-free condition due to incorrect reference counting of ipc_voucher_t objects. The analysis includes code snippets and MIG-generated function behavior.

Description

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.

Exploits (6)

exploitdb WRITEUP VERIFIED
by Google Security Research · cdosmultiple
https://www.exploit-db.com/exploits/46248

This is a detailed writeup explaining the MIG semantics vulnerability in task_swap_mach_voucher() leading to a use-after-free condition due to incorrect reference counting of ipc_voucher_t objects. The analysis includes code snippets and MIG-generated function behavior.

Classification: Writeup 90%
Attack Type: LPE
Complexity: Complex
Reliability: Theoretical
Target: iOS/macOS (up to at least macOS 10.13.6)
No auth needed
Prerequisites: Access to the target system's task_swap_mach_voucher MIG routine
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 15 stars
by fatgrass · poc
https://github.com/fatgrass/OsirisJailbreak12

This is a working proof-of-concept for CVE-2019-6225, an iOS 12.0-12.1.2 jailbreak exploit that achieves tfp0, root access, and sandbox escape. The code includes kernel memory manipulation, task port conversion, and exploit utilities.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: iOS 12.0-12.1.2
No auth needed
Prerequisites: iOS device running 12.0-12.1.2 · Physical or local access to the device
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP 2 stars
by TrungNguyen1909 · poc
https://github.com/TrungNguyen1909/CVE-2019-6225-macOS

This repository contains a README describing a local privilege escalation (LPE) exploit for macOS ≤ 10.14.2 via CVE-2019-6225. The exploit is based on prior work by PsychoTea and is noted to crash the machine on the second run.

Classification: Writeup 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Racy
Target: macOS ≤ 10.14.2
Auth required
Prerequisites: Local access to a vulnerable macOS system · Kernel memory layout knowledge
devstral-2 · analyzed Feb 16, 2026

gitlab WORKING POC
by devpixel12 · poc
https://gitlab.com/devpixel12/OsirisJailbreak12

This repository contains a functional exploit for CVE-2019-6225, targeting iOS 12.0-12.1.2. It leverages a kernel vulnerability to achieve tfp0 (task_for_pid 0), root access, and sandbox escape, with code for memory manipulation and kernel execution.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: iOS 12.0-12.1.2
No auth needed
Prerequisites: iOS device running 12.0-12.1.2 · QiLin binary (qilin.o) for compilation
devstral-2 · analyzed Feb 23, 2026

nomisec WORKING POC
by ox1111 · poc
https://github.com/ox1111/jailbreak-iOS12

This repository contains a functional exploit for CVE-2019-6225, targeting iOS 12. The exploit leverages a use-after-free vulnerability in the IOSurfaceRootUserClient to achieve kernel memory manipulation and arbitrary code execution.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: iOS 12
No auth needed
Prerequisites: iOS 12 device · kernel memory read/write primitives
devstral-2 · analyzed Apr 10, 2026

nomisec WORKING POC
by raystyle · poc
https://github.com/raystyle/jailbreak-iOS12

This is a working proof-of-concept exploit for CVE-2019-6225, targeting iOS 12 to achieve local privilege escalation via kernel memory manipulation and fake task port creation. The exploit leverages the IOSurfaceRootUserClient to execute arbitrary kernel code.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Apple iOS 12
No auth needed
Prerequisites: Physical or local access to the target device · iOS 12 vulnerability presence
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106695
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT209446
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46248/
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT209443
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT209447

Scores

CVSS v3: 7.8
EPSS: 0.6452
EPSS Percentile: 98.5%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-787
Status: published
Products (3):
apple/iphone_os < 12.1.3
apple/mac_os_x < 10.14.3
apple/tvos < 12.1.2
Published: Mar 05, 2019
Tracked Since: Feb 18, 2026