CVE-2019-8663

MEDIUM

iPhone OS < 12.4 and macOS < 10.14.6 - Memory Leak

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8663. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates an information leak vulnerability in the SGBigUTF8String class due to improper handling of non-null-terminated UTF-8 data during decoding. The PoC compiles a program that triggers the leak, displaying leaked memory contents.

Description

This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/47257

View Code ZIP pw:eip

This exploit demonstrates an information leak vulnerability in the SGBigUTF8String class due to improper handling of non-null-terminated UTF-8 data during decoding. The PoC compiles a program that triggers the leak, displaying leaked memory contents.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Apple CoreSuggestionsInternals (iMessage component)

No auth needed

Prerequisites: Access to a macOS system with CoreSuggestionsInternals framework · Compiler (clang) and necessary headers

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210346

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210348

Scores

CVSS v3 5.3

EPSS 0.0627

EPSS Percentile 92.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (2)

apple/iphone_os < 12.4

apple/mac_os_x < 10.14.6

Published Dec 18, 2019

Tracked Since Feb 18, 2026