CVE-2019-8591

HIGH

iPhone OS < 12.3 - Type Confusion

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-8591. PoCs published by Google Security Research, jsherman212.

AI-analyzed exploit summary This PoC exploits a type confusion vulnerability in macOS's stf_ioctl function, where a user-provided `struct ifreq` is incorrectly cast to `struct ifaddr`, leading to a kernel panic. The exploit triggers a page fault by accessing invalid memory, demonstrating the vulnerability in macOS 10.14.3.

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Google Security Research · dosmultiple

https://www.exploit-db.com/exploits/46891

View Code ZIP pw:eip

This PoC exploits a type confusion vulnerability in macOS's stf_ioctl function, where a user-provided `struct ifreq` is incorrectly cast to `struct ifaddr`, leading to a kernel panic. The exploit triggers a page fault by accessing invalid memory, demonstrating the vulnerability in macOS 10.14.3.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: macOS 10.14.3

No auth needed

Prerequisites: macOS 10.14.3 system with the stf interface available

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 5 stars

by jsherman212 · poc

https://github.com/jsherman212/used_sock

View Code ZIP pw:eip

This is a kernel exploit for iOS 12-12.2 and 12.4, leveraging a use-after-free vulnerability (CVE-2019-8591) to achieve local privilege escalation. The exploit manipulates kernel structures to gain arbitrary read/write capabilities.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Apple iOS 12.0-12.2, 12.4

No auth needed

Prerequisites: Physical or remote access to a vulnerable iOS device

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210118

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210119

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210120

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210122

Scores

CVSS v3 7.1

EPSS 0.0444

EPSS Percentile 90.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Details

CWE

CWE-843

Status published

Products (4)

apple/iphone_os < 12.3

apple/mac_os_x < 10.14.5

apple/tvos < 12.3

apple/watchos < 5.2.1

Published Dec 18, 2019

Tracked Since Feb 18, 2026