PT-2019-4907 · Apple+4 · Itunes For Windows+12
Akayn
·
Published
2019-07-24
·
Updated
2020-10-20
·
CVE-2019-8658
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Safari versions prior to 12.1.2
iOS versions prior to 12.4
macOS Mojave versions prior to 10.14.6
tvOS versions prior to 12.4
watchOS versions prior to 5.3
iTunes for Windows versions prior to 12.9.6
iCloud for Windows versions prior to 10.6
Description
A logic issue was addressed with improved state management, which may lead to universal cross-site scripting when processing maliciously crafted web content. The vulnerability is related to a buffer overflow in the WebKit module, allowing a remote attacker to conduct a cross-site scripting attack using a specially crafted website.
Recommendations
For Safari versions prior to 12.1.2, update to version 12.1.2 or later.
For iOS versions prior to 12.4, update to version 12.4 or later.
For macOS Mojave versions prior to 10.14.6, update to version 10.14.6 or later.
For tvOS versions prior to 12.4, update to version 12.4 or later.
For watchOS versions prior to 5.3, update to version 5.3 or later.
For iTunes for Windows versions prior to 12.9.6, update to version 12.9.6 or later.
For iCloud for Windows versions prior to 10.6, update to version 10.6 or later.
Exploit
Fix
Out of bounds Read
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Centos
Red Hat
Safari
Suse
Ubuntu
Webkit
Icloud For Windows
Ios
Itunes
Itunes For Windows
Macos Mojave
Tvos
Watchos