CVE-2019-8601

HIGH

Apple iCloud < 7.12 - Memory Corruption via Malicious Web Content

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8601. PoCs published by BadAccess11.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2019-8601, a WebKit vulnerability involving an integer overflow in the DFG JIT compiler's `compileNewArrayWithSpread` function. The exploit demonstrates how to achieve arbitrary code execution by corrupting array butterflies to gain read/write primitives.

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (1)

nomisec WORKING POC 17 stars

by BadAccess11 · poc

https://github.com/BadAccess11/CVE-2019-8601

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2019-8601, a WebKit vulnerability involving an integer overflow in the DFG JIT compiler's `compileNewArrayWithSpread` function. The exploit demonstrates how to achieve arbitrary code execution by corrupting array butterflies to gain read/write primitives.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: WebKit (JavaScriptCore)

No auth needed

Prerequisites: Target running a vulnerable version of WebKit · Ability to execute JavaScript in the target environment

MITRE ATT&CK