Memory corruption in Apple iOS - CVE-2019-6208
Published: January 23, 2019 / Updated: January 29, 2019
Vulnerability identifier: #VU17157
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-6208
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
Apple iOS
Detailed vulnerability description
The vulnerability allows a local authenticated attacker to bypass security restrictions.
The weakness exists due to lock state checking in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application, trigger memory corruption and cause unexpected changes in memory shared between processes.
The weakness exists due to lock state checking in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application, trigger memory corruption and cause unexpected changes in memory shared between processes.
How to mitigate CVE-2019-6208
Update to version 12.1.3.