{"api_version":"1","generated_at":"2026-05-15T11:57:51+00:00","cve":"CVE-2019-6209","urls":{"html":"https://cve.report/CVE-2019-6209","api":"https://cve.report/api/cve/CVE-2019-6209.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-6209","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-6209"},"summary":{"title":"CVE-2019-6209","description":"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2019-03-05 16:29:00","updated_at":"2019-03-06 14:12:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/106739","name":"106739","refsource":"BID","tags":["Third Party Advisory"],"title":"Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://support.apple.com/HT209446","name":"https://support.apple.com/HT209446","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209448","name":"https://support.apple.com/HT209448","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of watchOS 5.1.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/46285/","name":"46285","refsource":"EXPLOIT-DB","tags":["Exploit","Third Party Advisory"],"title":"iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure - Multiple dos Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209447","name":"https://support.apple.com/HT209447","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of tvOS 12.1.2 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209443","name":"https://support.apple.com/HT209443","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of iOS 12.1.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-6209","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6209","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"6209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tv_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tv_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@apple.com","ID":"CVE-2019-6209","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"iOS","version":{"version_data":[{"version_affected":"<","version_value":"iOS 12.1.3"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_value":"macOS Mojave 10.14.3"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_value":"tvOS 12.1.2"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_value":"watchOS 5.1.3"}]}}]},"vendor_name":"Apple"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"A malicious application may be able to determine kernel memory layout"}]}]},"references":{"reference_data":[{"name":"https://support.apple.com/HT209446","refsource":"CONFIRM","url":"https://support.apple.com/HT209446"},{"name":"https://support.apple.com/HT209443","refsource":"CONFIRM","url":"https://support.apple.com/HT209443"},{"name":"46285","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/46285/"},{"name":"https://support.apple.com/HT209448","refsource":"CONFIRM","url":"https://support.apple.com/HT209448"},{"name":"106739","refsource":"BID","url":"http://www.securityfocus.com/bid/106739"},{"name":"https://support.apple.com/HT209447","refsource":"CONFIRM","url":"https://support.apple.com/HT209447"}]}},"nvd":{"publishedDate":"2019-03-05 16:29:00","lastModifiedDate":"2019-03-06 14:12:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.14.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tv_os:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"6209","Ordinal":"143880","Title":"CVE-2019-6209","CVE":"CVE-2019-6209","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"6209","Ordinal":"1","NoteData":"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"6209","Ordinal":"2","NoteData":"2019-03-05","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"6209","Ordinal":"3","NoteData":"2019-03-06","Type":"Other","Title":"Modified"}]}}}