CVE-2019-8689

HIGH

iCloud < 7.13 - Memory Corruption via Malicious Web Content

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8689. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit demonstrates an integer overflow vulnerability in JavaScriptCore's DFG JIT compiler, allowing out-of-bounds access to stack arguments. The PoC triggers the bug by passing a negative index to the `inlinee` function, leading to uninitialized variable access.

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/47316

View Code ZIP pw:eip

The exploit demonstrates an integer overflow vulnerability in JavaScriptCore's DFG JIT compiler, allowing out-of-bounds access to stack arguments. The PoC triggers the bug by passing a negative index to the `inlinee` function, leading to uninitialized variable access.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebKit JavaScriptCore (Safari, other WebKit-based browsers)

No auth needed

Prerequisites: WebKit-based browser with JIT enabled

MITRE ATT&CK