CVE-2019-8646

HIGH EXPLOITED IN THE WILD RANSOMWARE

iPhone OS < 12.4 - Out-of-bounds Read

Title source: llm

Exploitation Summary

CVE-2019-8646 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns. EIP tracks 1 public exploit from researchers including Google Security Research.

AI-analyzed exploit summary This exploit leverages a deserialization vulnerability in iOS's handling of _NSDataFileBackedFuture objects to perform out-of-bounds reads and leak memory from a remote device via iMessage. The PoC demonstrates file leakage by crafting malicious serialized objects that bypass URL scheme checks and exploit localization string handling.

Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/47194

View Code ZIP pw:eip

This exploit leverages a deserialization vulnerability in iOS's handling of _NSDataFileBackedFuture objects to perform out-of-bounds reads and leak memory from a remote device via iMessage. The PoC demonstrates file leakage by crafting malicious serialized objects that bypass URL scheme checks and exploit localization string handling.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Complex

Reliability

Reliable

Target: Apple iOS 12 and later

No auth needed

Prerequisites: Frida installed · Target device running iOS 12+ · Server to host malicious payloads

MITRE ATT&CK

T1555 - Credentials from Password Stores T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210353

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210346

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210348

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210351

Scores

CVSS v3 7.5

EPSS 0.1133

EPSS Percentile 95.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2022-05-18

InTheWild.io 2023-02-15

Ransomware Use Confirmed

CWE

CWE-125

Status published

Products (4)

apple/iphone_os < 12.4

apple/mac_os_x < 10.14.6

apple/tvos < 12.4

apple/watchos < 5.3

Published Dec 18, 2019

Tracked Since Feb 18, 2026