#VU17155 Memory corruption in Apple iOS - CVE-2019-6205
Published: January 23, 2019 / Updated: January 29, 2019
Vulnerability identifier: #VU17155
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-6205
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Apple iOS
Apple iOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a local authenticated attacker to bypass security restrictions.
The weakness exists due to lock state checking in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application, trigger memory corruption and cause unexpected changes in memory shared between processes.
The weakness exists due to lock state checking in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application, trigger memory corruption and cause unexpected changes in memory shared between processes.
Remediation
Update to version 12.1.3.