← back
CVE-2019-7286

CVE-2019-7286

CVSS 7.8 HIGHEPSS 15.7%● KEVCWE-787
In short

A memory corruption flaw in iOS and macOS allowed apps to gain elevated privileges by bypassing security protections. This was fixed by improving how the system validates input data.

Technical detail

A memory corruption vulnerability (CWE-787: Out-of-bounds Write) in iOS 12.1.3 and macOS Mojave 10.14.2 and earlier permitted a malicious application with local execution context to write data outside intended memory boundaries, potentially achieving privilege escalation. The vulnerability was remediated through enhanced input validation in iOS 12.1.4 and macOS Mojave 10.14.3.

Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · iOSApple · macOS
public PoCs found1
exploitdbwww.exploit-db.com/exploits/46803unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.apple.com/HT209520https://support.apple.com/HT209521https://support.apple.com/HT209601https://support.apple.com/HT209602https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7286