Back to KEVs

CVE-2019-8506

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes...

Basic Information

CVE State
PUBLISHED
Reserved Date
February 18, 2019
Published Date
December 18, 2019
Last Updated
January 29, 2025
Vendor
Apple
Product
iOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
Description
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Tags
windows ios cisa

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2022-05-04 00:00:00 UTC) Source

References

https://support.apple.com/HT209599 https://support.apple.com/HT209601 https://support.apple.com/HT209603 https://support.apple.com/HT209604 https://support.apple.com/HT209605 https://support.apple.com/HT209602

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-05-04 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel