CVE-2019-8695

Vulnerability

A memory corruption issue exists in AppleGraphicsControl on macOS Mojave 10.14.5 [1]. The bug arises from improper input validation that leads to a memory-corruption condition, exploitable by a local application without special entitlements [1].

Exploitation

An attacker with the ability to run a malicious or compromised application on the affected system can trigger the memory corruption. No additional authentication or user interaction beyond launching the application is required. The exact sequence of steps is not publicly detailed, but the security advisory confirms that an application can leverage this flaw [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code with system-level privileges, resulting in full compromise of the macOS system's confidentiality, integrity, and availability [1]. The attacker gains unrestricted access to all system resources.

Mitigation

The vulnerability is fixed in macOS Mojave 10.14.6, released on July 22, 2019 [1]. Users should update to this version or later. Apple does not provide workarounds for this issue. No evidence of CVE-2019-8695 being listed on the CISA KEV was found in the available references.