CVE-2019-8754

Name of the Vulnerable Software and Affected Versions macOS versions prior to 10.15.1 Security Update versions prior to 2019-001 Security Update versions prior to 2019-006

Description A cross-origin issue existed with iframe elements, allowing a malicious HTML document to potentially render iframes with sensitive user information. This issue was addressed with improved tracking of security origins.

Recommendations For macOS versions prior to 10.15.1, update to macOS Catalina 10.15.1 or later. For systems requiring Security Update 2019-001 or 2019-006, apply the respective security update. As a temporary workaround, consider restricting the use of iframe elements in HTML documents until the issue is resolved.