CVE-2019-6217
published 2019-03-05CVE-2019-6217: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3…
PriorityP348high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
1.84%
76.4th percentile
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | icloud | < 7.10 | 7.10 |
| apple | icloud_for_windows | — | — |
| apple | icloud_for_windows | >= unspecified < iCloud for Windows 7.10 | iCloud for Windows 7.10 |
| apple | ios | — | — |
| apple | ios | >= unspecified < iOS 12.1.3 | iOS 12.1.3 |
| apple | iphone_os | < 12.1.3 | 12.1.3 |
| apple | itunes | < 12.9.3 | 12.9.3 |
| apple | itunes_12.9.3_for_windows | — | — |
| apple | itunes_for_windows | >= unspecified < iTunes 12.9.3 for Windows | iTunes 12.9.3 for Windows |
| apple | safari | < 12.0.3 | 12.0.3 |
| apple | safari | — | — |
| apple | safari | >= unspecified < Safari 12.0.3 | Safari 12.0.3 |
| apple | tvos | < 12.1.2 | 12.1.2 |
| apple | tvos | — | — |
| apple | tvos | >= unspecified < tvOS 12.1.2 | tvOS 12.1.2 |
| apple | watchos | < 5.1.3 | 5.1.3 |
| apple | watchos | — | — |
| apple | watchos | >= unspecified < watchOS 5.1.3 | watchOS 5.1.3 |
| debian | webkit2gtk | < webkit2gtk 2.22.5-1 (bookworm) | webkit2gtk 2.22.5-1 (bookworm) |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2019-6217: iTunes 12.9.3 for Windows
vendor_apple·2019-01-24·CVSS 8.8
CVE-2019-6217 [HIGH] CVE-2019-6217: iTunes 12.9.3 for Windows
Apple Security Update: About the security content of iTunes 12.9.3 for Windows
Product: iTunes 12.9.3 for Windows
CVE: CVE-2019-6217
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
Apple
CVE-2019-6217: Safari 12.0.3
vendor_apple·2019-01-22·CVSS 8.8
CVE-2019-6217 [HIGH] CVE-2019-6217: Safari 12.0.3
Apple Security Update: About the security content of Safari 12.0.3
Product: Safari
Version: 12.0.3
CVE: CVE-2019-6217
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
Apple
CVE-2019-6217: watchOS 5.1.3
vendor_apple·2019-01-22·CVSS 8.8
CVE-2019-6217 [HIGH] CVE-2019-6217: watchOS 5.1.3
Apple Security Update: About the security content of watchOS 5.1.3
Product: watchOS
Version: 5.1.3
CVE: CVE-2019-6217
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
Apple
CVE-2019-6217: tvOS 12.1.2
vendor_apple·2019-01-22·CVSS 8.8
CVE-2019-6217 [HIGH] CVE-2019-6217: tvOS 12.1.2
Apple Security Update: About the security content of tvOS 12.1.2
Product: tvOS
Version: 12.1.2
CVE: CVE-2019-6217
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
Apple
CVE-2019-6217: iCloud for Windows 7.10
vendor_apple·2019-01-22·CVSS 8.8
CVE-2019-6217 [HIGH] CVE-2019-6217: iCloud for Windows 7.10
Apple Security Update: About the security content of iCloud for Windows 7.10
Product: iCloud for Windows
Version: 7.10
CVE: CVE-2019-6217
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
Apple
CVE-2019-6217: iOS 12.1.3
vendor_apple·2019-01-22·CVSS 8.8
CVE-2019-6217 [HIGH] CVE-2019-6217: iOS 12.1.3
Apple Security Update: About the security content of iOS 12.1.3
Product: iOS
Version: 12.1.3
CVE: CVE-2019-6217
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
Debian
CVE-2019-6217: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ...
vendor_debian·2019·CVSS 8.8
CVE-2019-6217 [HIGH] CVE-2019-6217: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ...
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.22.5-1)
bullseye: resolved (fixed in 2.22.5-1)
forky: resolved (fixed in 2.22.5-1)
sid: resolved (fixed in 2.22.5-1)
trixie: resolved (fixed in 2.22.5-1)
GHSA
GHSA-pg83-j9v9-qgmq: Multiple memory corruption issues were addressed with improved memory handling
ghsa_unreviewed·2022-05-13
CVE-2019-6217 [HIGH] CWE-787 GHSA-pg83-j9v9-qgmq: Multiple memory corruption issues were addressed with improved memory handling
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
Project0
JSC Exploits - Project Zero
project_zero·2019-08-01
CVE-2017-2505 JSC Exploits - Project Zero
Posted by Samuel Groß, Project Zero
In this post, we will take a look at the WebKit exploits used to gain an initial foothold onto the iOS device and stage the privilege escalation exploits. All exploits here achieve shellcode execution inside the sandboxed renderer process (WebContent) on iOS. Although Chrome on iOS would have also been vulnerable to these initial browser exploits, they were only used by the attacker to target Safari and iPhones.
After some general discussion, this post first provides a short walkthrough of each of the exploited WebKit bugs and how the attackers construct a memory read/write primitive from them, followed by an overview of the techniques used to gain shellcode execution and how they bypassed existing JIT code injection mitigations, namely the “bulletpr
OSV
CVE-2019-6217: Multiple memory corruption issues were addressed with improved memory handling
osv·2019-03-05·CVSS 8.8
CVE-2019-6217 [HIGH] CVE-2019-6217: Multiple memory corruption issues were addressed with improved memory handling
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/106699https://security.gentoo.org/glsa/201903-12https://support.apple.com/HT209443https://support.apple.com/HT209447https://support.apple.com/HT209448https://support.apple.com/HT209449https://support.apple.com/HT209450https://support.apple.com/HT209451http://www.securityfocus.com/bid/106699https://security.gentoo.org/glsa/201903-12https://support.apple.com/HT209443https://support.apple.com/HT209447https://support.apple.com/HT209448https://support.apple.com/HT209449https://support.apple.com/HT209450https://support.apple.com/HT209451
2019-03-05
Published