Description
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/46648
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT209599
Vendor Advisory x_refsource_misc
https://support.apple.com/HT209601
Vendor Advisory x_refsource_misc
https://support.apple.com/HT209600
Vendor Advisory x_refsource_misc
https://support.apple.com/HT209602
Scores
CVSS v3
7.8
EPSS
0.0278
EPSS Percentile
86.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (4)
apple/iphone_os
< 12.2
apple/mac_os_x
< 10.14.4
apple/tvos
< 12.2
apple/watchos
< 5.2
Published
Dec 18, 2019
Tracked Since
Feb 18, 2026