{"api_version":"1","generated_at":"2026-04-23T03:06:04+00:00","cve":"CVE-2019-8506","urls":{"html":"https://cve.report/CVE-2019-8506","api":"https://cve.report/api/cve/CVE-2019-8506.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-8506","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-8506"},"summary":{"title":"CVE-2019-8506","description":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2019-12-18 18:15:00","updated_at":"2021-05-18 12:59:00"},"problem_types":["CWE-843"],"metrics":[],"references":[{"url":"https://support.apple.com/HT209604","name":"https://support.apple.com/HT209604","refsource":"MISC","tags":["Vendor Advisory"],"title":"About the security content of iTunes 12.9.4 for Windows - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209601","name":"https://support.apple.com/HT209601","refsource":"MISC","tags":["Vendor Advisory"],"title":"About the security content of tvOS 12.2 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209599","name":"https://support.apple.com/HT209599","refsource":"MISC","tags":["Vendor Advisory"],"title":"About the security content of iOS 12.2 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209602","name":"https://support.apple.com/HT209602","refsource":"MISC","tags":["Vendor Advisory"],"title":"About the security content of watchOS 5.2 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209603","name":"https://support.apple.com/HT209603","refsource":"MISC","tags":["Vendor Advisory"],"title":"About the security content of Safari 12.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209605","name":"https://support.apple.com/HT209605","refsource":"MISC","tags":["Vendor Advisory"],"title":"About the security content of iCloud for Windows 7.11 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-8506","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8506","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"icloud","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"icloud","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"itunes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"itunes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2019","cve_id":"8506","cve":"CVE-2019-8506","vendorProject":"Apple","product":"Multiple Products","vulnerabilityName":"Apple Multiple Products Type Confusion Vulnerability","dateAdded":"2022-05-04","shortDescription":"A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-05-25","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2019-8506","cwes":"CWE-843","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:10"},"epss":{"cve_year":"2019","cve_id":"8506","cve":"CVE-2019-8506","epss":"0.080640000","percentile":"0.921490000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:16"},"legacy_qids":[{"cve":"CVE-2019-8506","qid":"377553","title":"Alibaba Cloud Linux Security Update for webkitgtk4 (ALINUX2-SA-2020:0147)"},{"cve":"CVE-2019-8506","qid":"501282","title":"Alpine Linux Security Update for webkit2gtk"},{"cve":"CVE-2019-8506","qid":"505503","title":"Alpine Linux Security Update for webkit2gtk"},{"cve":"CVE-2019-8506","qid":"710127","title":"Gentoo Linux WebkitGTK+ Multiple vulnerabilities (GLSA 201909-05)"},{"cve":"CVE-2019-8506","qid":"940366","title":"AlmaLinux Security Update for GNOME (ALSA-2019:3553)"},{"cve":"CVE-2019-8506","qid":"960235","title":"Rocky Linux Security Update for GNOME (RLSA-2019:3553)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-8506","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS","version":{"version_data":[{"version_affected":"<","version_value":"iOS 12.2"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_value":"tvOS 12.2"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_value":"watchOS 5.2"}]}},{"product_name":"Safari","version":{"version_data":[{"version_affected":"<","version_value":"Safari 12.1"}]}},{"product_name":"iTunes for Windows","version":{"version_data":[{"version_affected":"<","version_value":"iTunes 12.9.4 for Windows"}]}},{"product_name":"iCloud for Windows","version":{"version_data":[{"version_affected":"<","version_value":"iCloud for Windows 7.11"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Processing maliciously crafted web content may lead to arbitrary code execution"}]}]},"references":{"reference_data":[{"url":"https://support.apple.com/HT209599","refsource":"MISC","name":"https://support.apple.com/HT209599"},{"url":"https://support.apple.com/HT209601","refsource":"MISC","name":"https://support.apple.com/HT209601"},{"url":"https://support.apple.com/HT209603","refsource":"MISC","name":"https://support.apple.com/HT209603"},{"url":"https://support.apple.com/HT209604","refsource":"MISC","name":"https://support.apple.com/HT209604"},{"url":"https://support.apple.com/HT209605","refsource":"MISC","name":"https://support.apple.com/HT209605"},{"url":"https://support.apple.com/HT209602","refsource":"MISC","name":"https://support.apple.com/HT209602"}]},"description":{"description_data":[{"lang":"eng","value":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."}]}},"nvd":{"publishedDate":"2019-12-18 18:15:00","lastModifiedDate":"2021-05-18 12:59:00","problem_types":["CWE-843"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"12.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"5.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"12.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*","versionEndExcluding":"7.11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*","versionEndExcluding":"12.9.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"8506","Ordinal":"146342","Title":"CVE-2019-8506","CVE":"CVE-2019-8506","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"8506","Ordinal":"1","NoteData":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"8506","Ordinal":"2","NoteData":"2019-12-18","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"8506","Ordinal":"3","NoteData":"2019-12-18","Type":"Other","Title":"Modified"}]}}}