CVE-2019-8827

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15...

CVE-2019-8831

The CVE-2019-8831 entry describes a memory corruption vulnerability mitigated by improved memory handling. Affected products span Apple operating systems and devices: macOS Catalina 10.15 and 10.15.1, iOS 13.1, iPadOS 13.1, tvOS 13, and watchOS 6, with fixes delivered via Security Updates (2019-0...

CVE-2019-8831

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. An application may be able to execute arbitrary code wi...

CVE-2019-8829

CVE-2019-8829 is a memory corruption vulnerability that Apple addressed by improved locking. The advisory notes that an attacker may cause arbitrary code execution with kernel privileges. Affected products include macOS Catalina 10.15.1 and Security Update 2019-001/2019-006, watchOS 6.1, tvOS 13....

CVE-2019-8780

CVE-2019-8780 is a kernel-permissions logic vulnerability in Apple’s iOS/iPadOS kernel component that could allow a malicious app to determine the kernel memory layout. The issue is described as a memory corruption/permission logic problem and is fixed in iOS 13.1 and iPadOS 13.1 (and tvOS 13). R...

CVE-2019-8780

The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout...

CVE-2019-8809

The CVE-2019-8809 entry describes a validation issue in the kernel that could allow a local application to read a persistent account identifier. It is fixed in macOS Catalina 10.15, iOS 13.1 / iPadOS 13.1, tvOS 13, watchOS 6, and iOS 13. Root cause: a validation logic flaw in kernel pathways. Imp...

CVE-2019-8809

A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier...

CVE-2019-8799

CVE-2019-8799 affects Apple’s mDNSResponder across Apple platforms (iOS/iPadOS, macOS Catalina, watchOS, tvOS). Root cause: AWDL communications may disclose device names to nearby observers. Resolution: devices updated to replace device names with a random identifier; fixed in iOS 13.1/iPadOS 13....

CVE-2019-8799

This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications...

CVE-2019-8774

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service...

CVE-2019-8774

CVE-2019-8774 affects Apple’s Books component across iOS/iPadOS and macOS Catalina. A resource-exhaustion (denial-of-service) condition occurs when parsing a maliciously crafted iBooks file, due to input validation weaknesses in Books. Apple patched this in iOS 13.1, iPadOS 13.1, and macOS Catali...

CVE-2019-8773

CVE-2019-8773 describes memory corruption issues in WebKit affecting how malicious web content is processed across Apple platforms. The root cause is multiple memory corruption vulnerabilities in WebKit, addressed by improved memory handling. Impact: processing maliciously crafted web content may...

CVE-2019-8773

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to...

CVE-2019-8751

Summary of CVE-2019-8751 (Apple WebKit/WebKit-Engine) : This CVE corresponds to memory corruption vulnerabilities in WebKit that could be triggered by processing malicious web content, potentially allowing arbitrary code execution. Apple’s security content ties CVE-2019-8751 to Safari/WebKit comp...

CVE-2019-8762

CVE-2019-8762 is a WebKit/Web content validation issue resolved across multiple Apple platforms. The vulnerability could allow universal cross-site scripting when processing malicious web content. Patches are included in Safari 13.0.1, iOS/iPadOS 13.1, tvOS 13, iCloud for Windows 10.7, iCloud for...

CVE-2019-8762

A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting...

CVE-2019-8752

CVE-2019-8752 is a memory corruption issue in WebKit that affects Safari and related Apple platforms (Safari/WebKit stack handling malicious web content). The root cause is memory corruption in WebKit components, with the published impact: arbitrary code execution if a user visits a maliciously c...

CVE-2019-8752

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to...

CVE-2019-8740

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges...