PT-2019-19057 · Apple · Ios+1
Ryan Pickren
·
Published
2019-12-18
·
Updated
2019-12-31
·
CVE-2019-8505
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
iOS versions prior to 12.2
Safari versions prior to 12.1
Description
A logic issue was addressed with improved validation. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.
Recommendations
For iOS versions prior to 12.2, update to iOS 12.2 to resolve the issue.
For Safari versions prior to 12.1, update to Safari 12.1 to resolve the issue.
As a temporary workaround, consider disabling the Safari Reader feature until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Safari
Ios