Vulnerability CVE-2019-8672


Published: 2019-12-18

Description:
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

See advisories in our WLB2 database:
Topic
Author
Date
High
JSC ValueProfiles JSValue Use-After-Free
saelo
30.07.2019
Low
WebKitGTK+ / WPE WebKit Code Execution / XSS
WebKitGTK
02.09.2019

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Apple -> Icloud 
Apple -> Itunes 
Apple -> Safari 
Apple -> Iphone os 
Apple -> Mac os x 
Apple -> TVOS 
Apple -> Watchos 

 References:
https://support.apple.com/HT210346
https://support.apple.com/HT210348
https://support.apple.com/HT210351
https://support.apple.com/HT210353
https://support.apple.com/HT210355
https://support.apple.com/HT210356
https://support.apple.com/HT210357
https://support.apple.com/HT210358

Copyright 2024, cxsecurity.com

 

Back to Top