Main Vulnerability Database Vulnerabilities #VU33402

Out-of-bounds read - CVE-2019-8658

Published: December 18, 2019 / Updated: August 4, 2020

Vulnerability identifier: #VU33402

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-8658

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.

How to mitigate CVE-2019-8658

Install update from vendor's website.

Sources

https://support.apple.com/HT210346
https://support.apple.com/HT210348
https://support.apple.com/HT210351
https://support.apple.com/HT210353
https://support.apple.com/HT210355
https://support.apple.com/HT210356
https://support.apple.com/HT210357
https://support.apple.com/HT210358

Out-of-bounds read - CVE-2019-8658

Detailed vulnerability description

How to mitigate CVE-2019-8658

Sources

Please verify you're human