CVE-2019-8649

Name of the Vulnerable Software and Affected Versions Safari versions prior to 12.1.2 iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6

Description The issue exists due to a logic problem in handling synchronous page loads, which may allow a remote attacker to conduct a universal cross-site scripting attack using a specially crafted website. This can be achieved by processing maliciously crafted web content. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For Safari version prior to 12.1.2, update to version 12.1.2 or later. For iOS version prior to 12.4, update to version 12.4 or later. For macOS Mojave version prior to 10.14.6, update to version 10.14.6 or later. For tvOS version prior to 12.4, update to version 12.4 or later. For iTunes for Windows version prior to 12.9.6, update to version 12.9.6 or later. For iCloud for Windows version prior to 7.13 and 10.6, update to version 7.13 or 10.6 or later.