logo
DATABASE RESOURCES PRICING ABOUT US

About the security content of Safari 13.0.3 - Apple Support

Description

## About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page. Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible. For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. ![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png) ## Safari 13.0.3 Released October 28, 2019 **WebKit** Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6, and included in macOS Catalina 10.15.1 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8813: an anonymous researcher **WebKit** Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6, and included in macOS Catalina 10.15.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8782: Cheolung Lee of LINE+ Security Team CVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team CVE-2019-8808: found by OSS-Fuzz CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech CVE-2019-8812: JunDong Xie of Ant-financial Light-Year Security Lab CVE-2019-8814: Cheolung Lee of LINE+ Security Team CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech CVE-2019-8819: Cheolung Lee of LINE+ Security Team CVE-2019-8820: Samuel GroƟ of Google Project Zero CVE-2019-8821: Sergei Glazunov of Google Project Zero CVE-2019-8822: Sergei Glazunov of Google Project Zero CVE-2019-8823: Sergei Glazunov of Google Project Zero Entry updated November 18, 2019 **WebKit** Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6, and included in macOS Catalina 10.15.1 Impact: Visiting a maliciously crafted website may reveal the sites a user has visited Description: The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. CVE-2019-8827: Artur Janc, Krzysztof Kotowicz, Lukas Weichselbaum, and Roberto Clapis of Google Security Team Entry added February 3, 2020 **WebKit Process Model** Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6, and included in macOS Catalina 10.15.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8815: Apple ![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png) ## Additional recognition **WebKit** We would like to acknowledge Dlive of Tencent's Xuanwu Lab and Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group for their assistance.


Affected Software


CPE Name Name Version
macos mojave 10.14.6
safari 13.0.3
and included in macos catalina 10.15.1

Related