Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-6209 — Out-of-bounds Read in Apple Macos

CWE-125 — Out-of-bounds Read8 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

4.8%

top 10.51%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple IOS Apple Macos Apple Tvos +4 more

Timeline

PublishedMar 5

Latest updateMay 14

Description

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶CVEListV5apple/tvosunspecified — tvOS 12.1.2

▶CVEListV5apple/macosunspecified — macOS Mojave 10.14.3

▶NVDapple/tv_os< 12.1.2

▶CVEListV5apple/watchosunspecified — watchOS 5.1.3

▶NVDapple/watchos< 5.1.3

🔴Vulnerability Details

GHSA

GHSA-v4xr-cmv4-62xp: An out-of-bounds read issue existed that led to the disclosure of kernel memory↗2022-05-14

▶

CVEList

CVE-2019-6209: An out-of-bounds read issue existed that led to the disclosure of kernel memory↗2019-03-05

▶

💥Exploits & PoCs

Exploit-DB

iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure↗2019-01-30

▶

📋Vendor Advisories

Apple

CVE-2019-6209: macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra↗2019-01-22

▶

Apple

CVE-2019-6209: iOS 12.1.3↗2019-01-22

▶

Apple

CVE-2019-6209: tvOS 12.1.2↗2019-01-22

▶

Apple

CVE-2019-6209: watchOS 5.1.3↗2019-01-22

▶