
CVE-2019-6225

Published: 05/03/2019 Updated: 24/08/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 688
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.

Vulnerable Products

apple mac os x

apple tvos

apple iphone os

Exploits

/* * voucher_swap-poc.c * Brandon Azad */ #if 0 iOS/macOS: task_swap_mach_voucher() does not respect MIG semantics leading to use-after-free The dangers of not obeying MIG semantics have been well documented: see issues 926 (CVE-2016-7612), 954 (CVE-2016-7633), 1417 (CVE-2017-13861, async_wake), 1520 (CVE-2018-4139), 1529 (CVE-2018-4206), and 1 ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra ...

Github Repositories

OsirisJailbreak12: iOS 12.0 -> 12.1.2 Incomplete Jailbreak with CVE-2019-6225. An incomplete iOS 12 Jailbreak. For now it only runs the exploit, gets tfp0, gets ROOT, escapes the SandBox, writes a test file to prove the sandbox was escaped, then resprings. Feel free to build on top of it as long as you respect the GPLv3 license. Older (4K) devices are not supported for now.

iOS 12.0 -> 12.1.2 Incomplete Osiris Jailbreak with CVE-2019-6225 by GeoSn0w (FCE365)

OsirisJailbreak12: iOS 12.0 -> 12.1.2 Incomplete Jailbreak with CVE-2019-6225. An incomplete iOS 12 Jailbreak. For now it only runs the exploit, gets tfp0, gets ROOT, escapes the SandBox, writes a test file to prove the sandbox was escaped, then resprings. Feel free to build on top of it as long as you respect the GPLv3 license. 4K devices are not supported for now. A12 and

voucher_swap - Exploit for P0 issue 1731 on iOS 12.1.2. Brandon Azad. ---- Issue 1731: CVE-2019-6225 -------------------------------------------------------------------- iOS/macOS: task_swap_mach_voucher() does not respect MIG semantics leading to use-after-free. Consider the MIG routine task_swap_mach_voucher(): routine task_swap_mach_voucher( task : task_t; new_voucher : ipc_vo

iOS/macOS: task_swap_mach_voucher() does not respect MIG semantics leading to use-after-free

voucher_swap - Exploit for P0 issue 1731 on iOS 12.1.2. Brandon Azad. ---- Issue 1731: CVE-2019-6225 -------------------------------------------------------------------- iOS/macOS: task_swap_mach_voucher() does not respect MIG semantics leading to use-after-free. Consider the MIG routine task_swap_mach_voucher(): routine task_swap_mach_voucher( task : task_t; new_voucher : ip

CVE-2019-6225: Local Privilege Escalation for macOS ≤ 10.14.2 via CVE-2019-6225. Not yet tested on other machines; some hardcoded values might be incorrect. Does NOT work on machines with SMAP. It will crash your machine on the second run, no matter how the first run went. Most of the code is based on PsychoTea/machswap. Special thanks: @_bazad, @S0rryMyBad for the bug, @S1guza

Obtains the kernel task port and establishes a kernel function calling primitive on the iPhone XS, iPhone XR, and iPhone 8 running iOS 12.1.2


Chaos Exploit for iOS 12.0 - 12.1.2 PoC & Writeup

Chaos kernel bug for iOS 12.0 through 12.1.2 PoC & Writeup (CVE-2019-6225). Read everything please. This only works with 64-bit devices running 12.0 - 12.1.2. Writeup by @haxoorr (me). I made a clean writeup because the original PoC was posted as an image. Fixed in iOS 12.1.3 (16D39). If you're interested in bootstrapping iOS kernel security research (including


An iOS kernel exploit for iOS 11 through 12.1.2. Non-SMAP (<=A9) devices only.

machswap: An iOS kernel exploit for iOS 11 - 12.1.2. Based on the task_swap_mach_voucher bug (CVE-2019-6225), joint-discovered/released by @S0rryMyBad and @bazad. Somewhat loosely based on @s1guza's v0rtex exploit. Non-SMAP (<=A9) devices only. Many thanks to @s1guza, @littlelailo, and @qwertyoruiopz. Writeup: sparkeszone/blog/ios/2019/04/30/machswap-ios-12-

An iOS kernel exploit for iOS 11 through 12.1.2. Works on A7 - A11 devices.

machswap2: An iOS kernel exploit for iOS 11 - 12.1.2. Based on the task_swap_mach_voucher bug (CVE-2019-6225), joint-discovered/released by @S0rryMyBad and @bazad. Somewhat loosely based on @s1guza's v0rtex exploit, and @tihmstar's v3ntex exploit. Works on A7 - A11 devices (no A12 as I have no A12 device). Many thanks to @s1guza, @littlelailo, and @qwertyoruiopz. Twitt