Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-6213 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Macos

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources

Severity

7.8HIGHNVD

EPSS

4.3%

top 11.06%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple IOS Apple Macos Apple Tvos +4 more

Timeline

PublishedMar 5

Latest updateMay 14

Description

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5apple/tvosunspecified — tvOS 12.1.2

▶CVEListV5apple/macosunspecified — macOS Mojave 10.14.3

▶NVDapple/tv_os< 12.1.2

▶CVEListV5apple/watchosunspecified — watchOS 5.1.3

▶NVDapple/watchos< 5.1.3

🔴Vulnerability Details

GHSA

GHSA-8p7r-f53q-7vm3: A buffer overflow was addressed with improved bounds checking↗2022-05-14

▶

Project0

Splitting atoms in XNU - Project Zero↗2019-04-01

▶

CVEList

CVE-2019-6213: A buffer overflow was addressed with improved bounds checking↗2019-03-05

▶

💥Exploits & PoCs

Exploit-DB

macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics↗2019-01-31

▶

📋Vendor Advisories

Apple

CVE-2019-6213: macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra↗2019-01-22

▶

Apple

CVE-2019-6213: tvOS 12.1.2↗2019-01-22

▶

Apple

CVE-2019-6213: watchOS 5.1.3↗2019-01-22

▶

Apple

CVE-2019-6213: iOS 12.1.3↗2019-01-22

▶