CVE-2019-7286
Vexday Risk Score
76 (High priority)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8 | EPSS 15.7% | KEV: yes | PoC: public | Nuclei: — | Metasploit: — | Patch: —
Lifecycle
06 May 2019: Public PoC
18 Dec 2019: Published on NVD
23 May 2022: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A memory corruption flaw in iOS and macOS allowed apps to gain elevated privileges by bypassing security protections. This was fixed by improving how the system validates input data.
Technical detail
A memory corruption vulnerability (CWE-787: Out-of-bounds Write) in iOS 12.1.3 and macOS Mojave 10.14.2 and earlier permitted a malicious application with local execution context to write data outside intended memory boundaries, potentially achieving privilege escalation. The vulnerability was remediated through enhanced input validation in iOS 12.1.4 and macOS Mojave 10.14.3.
Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/46803 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.