Logic Issue in Synchronous Page Loads in Apple Products
CVE-2019-8649

6.1MEDIUM

Key Information:

Vendor
Apple
Status
iOS
Mac OS
TV OS
Safari
Vendor
CVE Published:
18 December 2019

Summary

A logic issue has been identified in the handling of synchronous page loads across various Apple products. This vulnerability may allow potentially harmful web content to exploit the affected applications, leading to universal cross site scripting. Apple has addressed this concern by implementing improved state management in their latest updates for iOS, macOS, tvOS, and other products, ensuring users have a safer experience when browsing the web. Users are strongly advised to update their systems to the latest versions to mitigate the associated risks.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Microsoft Store) < unspecified

iOS < unspecified

References

https://support.apple.com/HT210346
x_refsource_MISC
https://support.apple.com/HT210348
x_refsource_MISC
https://support.apple.com/HT210351
x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.