Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-6205Out-of-bounds Write in Apple Macos

CWE-787Out-of-bounds Write7 documents5 sources
Severity
7.8HIGHNVD
EPSS
8.7%
top 7.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Apple IOSApple MacosApple Tvos+2 more
Timeline
PublishedMar 5
Latest updateMay 13

Description

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5apple/tvosunspecifiedtvOS 12.1.2
NVDapple/tvos< 12.1.2
CVEListV5apple/macosunspecifiedmacOS Mojave 10.14.3
NVDapple/mac_os_x< 10.14.3
CVEListV5apple/iosunspecifiediOS 12.1.3

🔴Vulnerability Details

2
GHSA
GHSA-w2px-wm37-g99g: A memory corruption issue was addressed with improved lock state checking2022-05-13
CVEList
CVE-2019-6205: A memory corruption issue was addressed with improved lock state checking2019-03-05

💥Exploits & PoCs

1
Exploit-DB
macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic2019-01-31

📋Vendor Advisories

3
Apple
CVE-2019-6205: iOS 12.1.32019-01-22
Apple
CVE-2019-6205: macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra2019-01-22
Apple
CVE-2019-6205: tvOS 12.1.22019-01-22
CVE-2019-6205 — Out-of-bounds Write in Apple Macos | cvebase