CVE-2019-8689

Published: 18/12/2019 Updated: 20/12/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Apple Safari could allow a remote malicious user to execute arbitrary code on the system, caused by a memory corruption in the WebKit component. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

Vendor Advisories

About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID when possible ...
Several security issues were fixed in WebKitGTK+ ...
Several vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2019-8644: G. Geshev discovered memory corruption issues that can lead to arbitrary code execution. CVE-2019-8649: Sergei Glazunov discovered an issue that may lead to universal cross site scripting. CVE-2019-8658: akayn discovered an issue that may lea ...
Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scor ...

Exploits

github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp#L743 case GetByVal: { unsigned numberOfArgumentsToSkip = 0; if (candidate->op() == PhantomCreateRest) numberOfArgumentsToSkip = candidate->numberOfArgumentsToSkip(); Node* ...

Mailing Lists

Webkit JSC JIT suffers from an uninitialized variable access vulnerability in ArgumentsEliminationPhase::transform ...
APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6: iTunes for Windows 12.9.6 is now available and addresses the following: libxslt. Available for: Windows 7 and later. Impact: A remote attacker may be able to view sensitive information. Description: A stack overflow was addressed with improved input valid ...
APPLE-SA-2019-7-22-3 Safari 12.1.2: Safari 12.1.2 is now available and addresses the following: Safari. Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and included in macOS Mojave 10.14.6. Impact: Visiting a malicious website may lead to address bar spoofing. Description: An inconsiste ...
APPLE-SA-2019-7-22-4 watchOS 5.3: watchOS 5.3 is now available and addresses the following: Core Data. Available for: Apple Watch Series 1 and later. Impact: A remote attacker may be able to leak memory. Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Nat ...
APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3: watchOS 5.3 addresses the following: Bluetooth. Available for: Apple Watch Series 1 and later. Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth ...
APPLE-SA-2019-7-23-1 iCloud for Windows 7.13: iCloud for Windows 7.13 is now available and addresses the following: libxslt. Available for: Windows 7 and later. Impact: A remote attacker may be able to view sensitive information. Description: A stack overflow was addressed with improved input validatio ...
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004. Date reported: August 29, 2019. Advisory ID: WSA-2019-0004. WebKitGTK Advisory URL: webkitgtk.org/ ...
Debian Security Advisory DSA-4515-1. security () debian org, www.debian.org/security/. Alberto Garcia, September 04, 2019. www.debian.org/security/faq ...
APPLE-SA-2019-7-23-3 iCloud for Windows 10.6: iCloud for Windows 10.6 is now available and addresses the following: libxslt. Available for: Windows 10 and later via the Microsoft Store. Impact: A remote attacker may be able to view sensitive information. Description: A stack overflow was addressed with ...
APPLE-SA-2019-7-22-5 tvOS 12.4: tvOS 12.4 is now available and addresses the following: Core Data. Available for: Apple TV 4K and Apple TV HD. Impact: A remote attacker may be able to leak memory. Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Si ...
APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4: tvOS 12.4 addresses the following: Bluetooth. Available for: Apple TV 4K and Apple TV HD. Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB ...
APPLE-SA-2019-7-22-1 iOS 12.4: iOS 12.4 is now available and addresses the following: Core Data. Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later. Impact: A remote attacker may be able to leak memory. Description: An out-of-bounds read was addressed with i ...
APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4: iOS 12.4 addresses the following: Bluetooth. Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later. Impact: An attacker in a privileged network position may be able to intercept Blu ...