CVE-2019-8820

HIGH

iCloud < 7.15 - Memory Corruption via Malicious Web Content

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8820. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a type confusion vulnerability in JavaScriptCore (JSC) by manipulating bytecode register allocation and triggering an assertion failure in debug builds. The PoC crashes JSC by exploiting incorrect callee value restoration during a bailout in the DFG JIT compiler.

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/47590

View Code ZIP pw:eip

This exploit demonstrates a type confusion vulnerability in JavaScriptCore (JSC) by manipulating bytecode register allocation and triggering an assertion failure in debug builds. The PoC crashes JSC by exploiting incorrect callee value restoration during a bailout in the DFG JIT compiler.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Complex

Reliability

Reliable

Target: WebKit JavaScriptCore (JSC)

No auth needed

Prerequisites: Debug build of WebKit JSC

MITRE ATT&CK