CVE-2019-8503

Name of the Vulnerable Software and Affected Versions iOS versions prior to 12.2 tvOS versions prior to 12.2 Safari versions prior to 12.1 iTunes for Windows versions prior to 12.9.4 iCloud for Windows versions prior to 7.11 WebKitGTK (affected versions not specified) WPE WebKit (affected versions not specified)

Description A logic issue was addressed with improved validation, which may allow a malicious website to execute scripts in the context of another website. The issue is related to insecure privilege management in WebKitGTK and WPE WebKit modules, which can be exploited by a remote attacker using a specially crafted web page to execute arbitrary code.

Recommendations For iOS versions prior to 12.2, update to iOS 12.2 or later. For tvOS versions prior to 12.2, update to tvOS 12.2 or later. For Safari versions prior to 12.1, update to Safari 12.1 or later. For iTunes for Windows versions prior to 12.9.4, update to iTunes 12.9.4 or later. For iCloud for Windows versions prior to 7.11, update to iCloud for Windows 7.11 or later. For WebKitGTK and WPE WebKit, at the moment, there is no information about a newer version that contains a fix for this vulnerability.