Published: 05/03/2019 Updated: 24/08/2020

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os
apple tvos
apple mac os x

/* _xpc_serializer_unpack in libxpc parses mach messages which contain xpc messages There are two reasons for an xpc mach message to contain descriptors: if the message body is large, then it's sent as a MACH_MSG_OOL_DESCRIPTOR Also if the message contains other port resources (eg memory entry ports) then they're also transfered as MACH_PORT_OOL ...

Full Disclosure mailing list archives   By Date By Thread </form>    APPLE-SA-2019-1-22-2 macOS Mojave 10143, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra <!--X ...

CWE-787 https://support.apple.com/HT209447 https://support.apple.com/HT209446 https://support.apple.com/HT209443 https://www.exploit-db.com/exploits/46297/http://www.securityfocus.com/bid/106695 https://nvd.nist.gov https://www.exploit-db.com/exploits/46297

CVE-2019-6218

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect