CVE-2019-8611

HIGH

iCloud < 7.12 - Memory Corruption via Malicious Web Content

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8611. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a type confusion vulnerability in JavaScriptCore (CVE-2019-8611) where a dangling register (rdx) is incorrectly reused during JIT compilation, leading to a crash or potential arbitrary code execution. The PoC triggers the bug by forcing a bailout scenario where the register is expected to hold a scope object but contains arbitrary data.

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/46890

View Code ZIP pw:eip

This exploit demonstrates a type confusion vulnerability in JavaScriptCore (CVE-2019-8611) where a dangling register (rdx) is incorrectly reused during JIT compilation, leading to a crash or potential arbitrary code execution. The PoC triggers the bug by forcing a bailout scenario where the register is expected to hold a scope object but contains arbitrary data.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: WebKit JavaScriptCore (Safari, jsc)

No auth needed

Prerequisites: JavaScriptCore with JIT enabled · Specific JIT compilation thresholds met

MITRE ATT&CK