CVE-2019-8591

HIGH

Apple iPhone OS < 12.3 - Type Confusion

Title source: rule

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Google Security Research · dos · multiple
https://www.exploit-db.com/exploits/46891
nomisec WORKING POC 5 stars
by jsherman212 · poc
https://github.com/jsherman212/used_sock

References (4)

Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210118
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210119
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210120
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210122

Scores

CVSS v3 7.1
EPSS 0.0840
EPSS Percentile 92.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Details

CWE
CWE-843
Status published
Products (4)
apple/iphone_os < 12.3
apple/mac_os_x < 10.14.5
apple/tvos < 12.3
apple/watchos < 5.2.1
Published Dec 18, 2019
Tracked Since Feb 18, 2026