Injection Vulnerability in Shazam Android and iOS Apps by Apple
CVE-2019-8792

8.8HIGH

Key Information:

Vendor: Apple
Status: Shazam-android; Shazam-iOS
Vendor: CVE Published:; 18 December 2019

What is CVE-2019-8792?

A significant injection vulnerability has been identified in the Shazam applications for Android and iOS. This vulnerability arises due to insufficient validation, which may allow an attacker to craft a malicious URL. If processed by the affected app versions, this can lead to the execution of arbitrary JavaScript code, potentially compromising user data and app integrity. The issue has been addressed in the latest updates, with users urged to upgrade to ensure protection against this threat.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Shazam-Android < unspecified

Shazam-iOS < unspecified

References

https://support.apple.com/HT210744

x_refsource_MISC

https://support.apple.com/HT210745

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2019
Vulnerability Reserved
Feb 18, 2019

JSON

Apple

What is CVE-2019-8792?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.