EIP-2026-102164

PRE-CVE

iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102164. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in mediaserverd's AudioFileReadPacketData function on iOS 12.4. The PoC demonstrates how integer overflows during buffer allocation can lead to memory corruption, potentially allowing arbitrary code execution.

Description

iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosios

https://www.exploit-db.com/exploits/47694

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in mediaserverd's AudioFileReadPacketData function on iOS 12.4. The PoC demonstrates how integer overflows during buffer allocation can lead to memory corruption, potentially allowing arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apple iOS 12.4 (mediaserverd)

No auth needed

Prerequisites: iOS 12.4 device · Audio file in iTunes library

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026