CVE-2019-6218 — Vulnetix

CVE-2019-6218 PUBLISHED CVSS 7.800000190734863 HIGH

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.

EPSS 6.45% · 91.2th percentile

Risk Scores

CVSS 3.0

7.800000190734863

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

6.45%

91.2th percentile

Affected Products

Vendor	Product	Versions
Apple	tvOS	unspecified
apple	tvos	0
apple	iphone_os	0
apple	mac_os_x	0
Apple	iOS	unspecified
Apple	macOS	unspecified

Exploit Intelligence

CIRCL seen: CVE-2019-6218 (circl-sighting)
CIRCL exploited: CVE-2019-6218 (circl-sighting)
106695 (circl)
https://support.apple.com/HT209446 (circl)
https://support.apple.com/HT209443 (circl)
https://support.apple.com/HT209447 (circl)
https://www.exploit-db.com/exploits/46297/ (nist-nvd)
macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to (0day-today)
macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to (0day-today)

Timeline

Jan 23, 2019 CVE Published
Jan 28, 2019 PoC Published
Jan 31, 2019 PoC Published
Feb 1, 2019 PoC Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 4, 2022 EPSS Score
May 1, 2022 EPSS Score
May 13, 2022 CVE Updated
Jul 3, 2022 EPSS Score

References

https://support.apple.com/en-us/HT209451 advisory
https://support.apple.com/en-us/HT209447 advisory
https://support.apple.com/en-us/HT209443 advisory
https://support.apple.com/en-us/HT209449 advisory
https://support.apple.com/en-us/HT209448 advisory
https://support.apple.com/en-us/HT209446 advisory
106695 vdb
https://support.apple.com/HT209446 url
https://support.apple.com/HT209443 url
46297 exploit
https://support.apple.com/HT209447 url
https://nvd.nist.gov/vuln/detail/CVE-2019-6218 advisory
https://www.exploit-db.com/exploits/46297 url

Open in Interactive Console →