CVE-2019-8658

Name of the Vulnerable Software and Affected Versions Safari versions prior to 12.1.2 iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 watchOS versions prior to 5.3 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 10.6

Description A logic issue was addressed with improved state management, which may lead to universal cross-site scripting when processing maliciously crafted web content. The vulnerability is related to a buffer overflow in the WebKit module, allowing a remote attacker to conduct a cross-site scripting attack using a specially crafted website.

Recommendations For Safari versions prior to 12.1.2, update to version 12.1.2 or later. For iOS versions prior to 12.4, update to version 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to version 10.14.6 or later. For tvOS versions prior to 12.4, update to version 12.4 or later. For watchOS versions prior to 5.3, update to version 5.3 or later. For iTunes for Windows versions prior to 12.9.6, update to version 12.9.6 or later. For iCloud for Windows versions prior to 10.6, update to version 10.6 or later.