CVE-2019-8805

HIGH

macOS Catalina <10.15.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8805. PoCs published by securelayer7.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2019-8805, a privilege escalation vulnerability in Apple's EndpointSecurity framework. The exploit leverages a validation issue in entitlement verification to execute arbitrary code with system privileges on macOS versions prior to Catalina 10.15.1.

Description

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.

Exploits (1)

nomisec WORKING POC 1 stars

by securelayer7 · poc

https://github.com/securelayer7/CVE-2019-8805

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2019-8805, a privilege escalation vulnerability in Apple's EndpointSecurity framework. The exploit leverages a validation issue in entitlement verification to execute arbitrary code with system privileges on macOS versions prior to Catalina 10.15.1.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Apple EndpointSecurity framework on macOS < 10.15.1

No auth needed

Prerequisites: macOS version prior to 10.15.1 · compiler with Foundation framework support

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/HT210722

Scores

CVSS v3 7.8

EPSS 0.0257

EPSS Percentile 83.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

apple/mac_os_x < 10.15.1

Published Dec 18, 2019

Tracked Since Feb 18, 2026