Main Vulnerability Database Vulnerabilities #VU30532

Input validation error in iPadOS - CVE-2019-8788

Published: December 18, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU30532

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-8788

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
iPadOS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration.

How to mitigate CVE-2019-8788

Install update from vendor's website.

Sources

https://support.apple.com/HT210721
https://support.apple.com/HT210722

Input validation error in iPadOS - CVE-2019-8788

Detailed vulnerability description

How to mitigate CVE-2019-8788

Sources

Please verify you're human