CVE-2019-8605

HIGH KEV

Apple iPhone OS < 12.3 - Use After Free

Description

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · dos · multiple
https://www.exploit-db.com/exploits/46892
exploitdb WORKING POC
by Umang Raghuvanshi · text · local · ios
https://www.exploit-db.com/exploits/47409
nomisec WORKING POC
by 1nteger-c · local
https://github.com/1nteger-c/CVE-2019-8605
vulncheck_xdb WORKING POC
local
https://github.com/jsherman212/used_sock

Scores

CVSS v3 7.8
EPSS 0.1210
EPSS Percentile 93.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-06-27
VulnCheck KEV 2022-06-23
InTheWild.io 2022-06-27
ENISA EUVD EUVD-2019-17995
CWE CWE-416
Status published
Products (4)
apple/iphone_os < 12.3
apple/mac_os_x < 10.14.5
apple/tvos < 12.3
apple/watchos < 5.2.1
Published Dec 18, 2019
KEV Added Jun 27, 2022
Tracked Since Feb 18, 2026