⚠ Actively exploited
Added to CISA KEV on 2022-05-23. Federal agencies required to patch by 2022-06-13. Required action: Apply updates per vendor instructions..

CVE-2019-7287Out-of-bounds Write in Apple IOS

CWE-787Out-of-bounds Write12 documents7 sources
Severity
7.8HIGHNVD
EPSS
4.9%
top 10.43%
CISA KEV
KEV
Added 2022-05-23
Due 2022-06-13
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Apple IOSApple Iphone OS
Timeline
PublishedDec 18
KEV addedMay 23
Latest updateMay 24
KEV dueJun 13
CISA Required Action: Apply updates per vendor instructions.

Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5apple/iosunspecifiediOS 12.1.4
NVDapple/iphone_os< 12.1.4

🔴Vulnerability Details

9
GHSA
GHSA-c857-frv5-v87x: A memory corruption issue was addressed with improved input validation2022-05-24
Project0
Root Cause Analyses for 0-day In-the-Wild Exploits - Project Zero2020-07-01
Project0
Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero2020-07-01
Project0
A survey of recent iOS kernel exploits - Project Zero2020-06-01
CVEList
CVE-2019-7287: A memory corruption issue was addressed with improved input validation2019-12-18

📋Vendor Advisories

2
CISA
Apple iOS Memory Corruption Vulnerability2022-05-23
Apple
CVE-2019-7287: iOS 12.1.42019-02-07
CVE-2019-7287 — Out-of-bounds Write in Apple IOS | cvebase