CVE-2019-8898

4.3MEDIUM

Key Information:

Vendor
Apple
Status
iOS And iPad OS
TV OS
Safari
Itunes For Windows
Vendor
CVE Published:
27 October 2020

Summary

An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited.

Affected Version(s)

iOS and iPadOS < 13.3

iTunes for Windows < 12.10

Safari < 13.0

References

https://support.apple.com/en-us/HT210785
x_refsource_MISC
https://support.apple.com/en-us/HT210790
x_refsource_MISC
https://support.apple.com/en-us/HT210793
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.