CVE-2019-8660

CRITICAL

iPhone OS < 12.4 - Remote Code Execution via Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8660. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit describes a memory corruption vulnerability in the decoding of NSKnownKeysDictionary1 objects, where an integer overflow during buffer allocation can lead to out-of-bounds writes. The PoC involves using Frida to inject a malicious payload into iMessage, but the actual exploit code is referenced externally.

Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/47193

View Code ZIP pw:eip

The exploit describes a memory corruption vulnerability in the decoding of NSKnownKeysDictionary1 objects, where an integer overflow during buffer allocation can lead to out-of-bounds writes. The PoC involves using Frida to inject a malicious payload into iMessage, but the actual exploit code is referenced externally.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Complex

Reliability

Theoretical

Target: Apple iMessage (specific version not specified, likely iOS/macOS versions vulnerable to CVE-2019-8660)

No auth needed

Prerequisites: Frida installed · Target's phone number or email · Access to the target's iMessage

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210353

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210346

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210348

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210351

Scores

CVSS v3 9.8

EPSS 0.1311

EPSS Percentile 95.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (4)

apple/iphone_os < 12.4

apple/mac_os_x < 10.14.6

apple/tvos < 12.4

apple/watchos < 5.3

Published Dec 18, 2019

Tracked Since Feb 18, 2026