CVE-2019-8765

HIGH

watchOS < 6.1 - Remote Code Execution via Malicious Web Content

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8765. PoCs published by Google Security Research.

AI-analyzed exploit summary This JavaScript PoC exploits a type confusion vulnerability in JavaScriptCore (CVE-2019-8765) by manipulating object properties and JIT optimizations, leading to a crash or potential arbitrary code execution.

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/47565

View Code ZIP pw:eip

This JavaScript PoC exploits a type confusion vulnerability in JavaScriptCore (CVE-2019-8765) by manipulating object properties and JIT optimizations, leading to a crash or potential arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: JavaScriptCore (WebKit)

No auth needed

Prerequisites: JavaScriptCore built from HEAD or stable release

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210724

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/202003-22

Scores

CVSS v3 8.8

EPSS 0.0698

EPSS Percentile 93.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

apple/watchos < 6.1

Published Dec 18, 2019

Tracked Since Feb 18, 2026