CVE-2019-8518

HIGH

iCloud < 7.11 - Memory Corruption via Malicious Web Content

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8518. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit targets a JIT optimization flaw in JavaScriptCore (CVE-2019-8518), where loop-invariant code motion incorrectly hoists an out-of-bounds array access before bounds checks, leading to a crash and potential arbitrary memory access.

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · javascriptdosmultiple

https://www.exploit-db.com/exploits/46649

View Code ZIP pw:eip

This exploit targets a JIT optimization flaw in JavaScriptCore (CVE-2019-8518), where loop-invariant code motion incorrectly hoists an out-of-bounds array access before bounds checks, leading to a crash and potential arbitrary memory access.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebKit JavaScriptCore (macOS, iOS, Safari)

No auth needed

Prerequisites: FTL JIT compilation enabled · Lowered optimization threshold (or default with modified version)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →