CVE-2019-8671

HIGH

iCloud < 7.13 - Memory Corruption via Malicious Web Content

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8671. PoCs published by Google Security Research.

AI-analyzed exploit summary This JavaScript PoC exploits a JIT optimization flaw in JavaScriptCore (CVE-2019-8671) by triggering unsafe loop-invariant code motion (LICM), leading to a crash when accessing uninitialized butterfly pointers in Arguments objects.

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/47190

View Code ZIP pw:eip

This JavaScript PoC exploits a JIT optimization flaw in JavaScriptCore (CVE-2019-8671) by triggering unsafe loop-invariant code motion (LICM), leading to a crash when accessing uninitialized butterfly pointers in Arguments objects.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Complex

Reliability

Reliable

Target: WebKit JavaScriptCore (jsc)

No auth needed

Prerequisites: JavaScriptCore (jsc) execution environment

MITRE ATT&CK