CVE-2019-8641

CRITICAL

iPhone OS < 12.4 - Out-of-bounds Read

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-8641. PoCs published by Google Security Research, chia33164.

AI-analyzed exploit summary This exploit leverages a deserialization vulnerability in NSKeyedUnarchiver's handling of NSSharedKeyDictionary objects, leading to an out-of-bounds memory read. The PoC demonstrates the issue via a crafted object file and includes steps to reproduce the crash in both iMessage and a macOS test program.

Description

An out-of-bounds read was addressed with improved input validation.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdosios
https://www.exploit-db.com/exploits/47415

This exploit leverages a deserialization vulnerability in NSKeyedUnarchiver's handling of NSSharedKeyDictionary objects, leading to an out-of-bounds memory read. The PoC demonstrates the issue via a crafted object file and includes steps to reproduce the crash in both iMessage and a macOS test program.

Classification
Working Poc 90%
Attack Type
Deserialization
Complexity
Complex
Reliability
Racy
Target: Apple macOS and iOS (NSKeyedUnarchiver)
No auth needed
Prerequisites: Frida installed · Target device's phone number or email · Custom object file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 5 stars
by chia33164 · poc
https://github.com/chia33164/CVE-2019-8641-reproduction

This repository contains a proof-of-concept exploit for CVE-2019-8641, a deserialization vulnerability in Apple's iMessage. The exploit leverages crafted NSKeyedArchiver payloads to achieve remote code execution via memory corruption.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Apple iMessage (macOS 10.15.1 and earlier)
No auth needed
Prerequisites: Victim must receive a malicious iMessage · Attacker must craft a payload tailored to the target's memory layout
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
dosmultiple
https://www.exploit-db.com/exploits/47608

The writeup details a deserialization vulnerability in macOS's NSUnarchiver API, where attacker-controlled data in iMessages can trigger a crash via NSSharedKeyDictionary and NSSharedKeySet manipulation. The analysis includes a technical breakdown of the exploit mechanism and a reference to a Proof of Concept.

Classification
Writeup 90%
Attack Type
Deserialization
Complexity
Complex
Reliability
Theoretical
Target: macOS 10.14.6
No auth needed
Prerequisites: Ability to send crafted iMessages to the target
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210606
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210589
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210607
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210590
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210588

Scores

CVSS v3 9.8
EPSS 0.1597
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (4)
apple/iphone_os < 12.4
apple/mac_os_x < 10.14.6
apple/tvos < 12.4
apple/watchos < 5.3
Published Dec 18, 2019
Tracked Since Feb 18, 2026