CVE-2019-8694

Vulnerability

A memory corruption issue exists in macOS Mojave 10.14.5 and earlier. The vulnerability is present in the AppleGraphicsControl component, as described in Apple's security advisory [1]. The flaw was addressed in macOS Mojave 10.14.6 through improved memory handling.

Exploitation

An attacker must first achieve the ability to run an arbitrary application on the affected system. No additional authentication or user interaction beyond executing the application is required. The application can trigger the memory corruption through normal system calls or operations that reach the vulnerable code path.

Impact

Successful exploitation allows the application to execute arbitrary code with kernel privileges, leading to full compromise of the operating system. The attacker can execute commands at the highest privilege level, potentially gaining access to all system resources, data, and functionality.

Mitigation

The vulnerability is fixed in macOS Mojave 10.14.6, released on July 22, 2019, as documented by Apple [1]. Users should update to the latest version of macOS Mojave (10.14.6 or later). No workarounds are provided. This CVE is not listed on the CISA KEV catalog.