PT-2019-4804 · Apple+6 · Itunes For Windows+12

Sergei Glazunov

·

Publicado

2019-08-29

·

Atualizado

2022-01-20

·

CVE-2019-8690

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Safari versions prior to 12.1.2 iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6
Description The issue is related to a logic problem in handling document loads, which may allow a remote attacker to perform a cross-site scripting attack by processing maliciously crafted web content. This could lead to universal cross-site scripting.
Recommendations For Safari version prior to 12.1.2, update to version 12.1.2 or later. For iOS version prior to 12.4, update to version 12.4 or later. For macOS Mojave version prior to 10.14.6, update to version 10.14.6 or later. For tvOS version prior to 12.4, update to version 12.4 or later. For iTunes for Windows version prior to 12.9.6, update to version 12.9.6 or later. For iCloud for Windows version prior to 7.13 and 10.6, update to version 7.13 or 10.6 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALSA-2019:3553
BDU:2020-01382
CESA-2019_3553
CESA-2020_4035
CVE-2019-8690
DSA-4515-1
MGASA-2019-0281
OPENSUSE-SU-2019:2207-1
OPENSUSE-SU-2019:2208-1
OPENSUSE-SU-2019:2587-1
OPENSUSE-SU-2019:2591-1
OPENSUSE-SU-2019_2207-1
OPENSUSE-SU-2019_2208-1
OPENSUSE-SU-2019_2587-1
OPENSUSE-SU-2019_2591-1
RHSA-2019:3553
RHSA-2019_3553
RHSA-2020:4035
RHSA-2020_4035
RLSA-2019:3553
SUSE-SU-2019:2345-1
SUSE-SU-2019:2345-2
SUSE-SU-2019:2428-1
SUSE-SU-2019:3044-1
SUSE-SU-2022:0142-1
USN-4130-1

Produtos afetados

Almalinux
Centos
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Icloud For Windows
Ios
Itunes
Itunes For Windows
Macos Mojave
Tvos