CVE-2019-8506
Summary
| CVE | CVE-2019-8506 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-12-18 18:15:00 UTC |
| Updated | 2021-05-18 12:59:00 UTC |
| Description | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. |
Risk And Classification
EPSS: 0.080640000 probability, percentile 0.921040000 (date 2026-04-01)
CISA KEV: Listed on 2022-05-04; due 2022-05-25; ransomware use Unknown
Problem Types: CWE-843
CISA Known Exploited Vulnerability
| Vendor | Apple |
|---|---|
| Product | Multiple Products |
| Name | Apple Multiple Products Type Confusion Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2019-8506 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apple | iCloud | All | All | All | All |
| Operating System | Apple | iPhone OS | All | All | All | All |
| Application | Apple | iTunes | All | All | All | All |
| Application | Apple | Safari | All | All | All | All |
| Operating System | Apple | tvOS | All | All | All | All |
| Operating System | Apple | watchOS | All | All | All | All |
| Operating System | Red Hat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Red Hat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Red Hat | Enterprise Linux Workstation | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About the security content of iTunes 12.9.4 for Windows - Apple Support | MISC | support.apple.com | Vendor Advisory |
| About the security content of tvOS 12.2 - Apple Support | MISC | support.apple.com | Vendor Advisory |
| About the security content of iOS 12.2 - Apple Support | MISC | support.apple.com | Vendor Advisory |
| About the security content of watchOS 5.2 - Apple Support | MISC | support.apple.com | Vendor Advisory |
| About the security content of Safari 12.1 - Apple Support | MISC | support.apple.com | Vendor Advisory |
| About the security content of iCloud for Windows 7.11 - Apple Support | MISC | support.apple.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 377553 Alibaba Cloud Linux Security Update for webkitgtk4 (ALINUX2-SA-2020:0147)
- 501282 Alpine Linux Security Update for webkit2gtk
- 505503 Alpine Linux Security Update for webkit2gtk
- 710127 Gentoo Linux WebkitGTK+ Multiple vulnerabilities (GLSA 201909-05)
- 940366 AlmaLinux Security Update for GNOME (ALSA-2019:3553)
- 960235 Rocky Linux Security Update for GNOME (RLSA-2019:3553)