CVE-2019-8827

4.3MEDIUM

Key Information:

Vendor
Apple
Status
iOS And iPad OS
TV OS
Safari
Itunes For Windows
Vendor
CVE Published:
27 October 2020

Summary

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited.

Affected Version(s)

iCloud for Windows < 7.15

iCloud for Windows < 10.9

iOS and iPadOS < 13.2

References

https://support.apple.com/en-us/HT210721
x_refsource_MISC
https://support.apple.com/en-us/HT210723
x_refsource_MISC
https://support.apple.com/en-us/HT210725
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.