CVE-2019-8625: XSS
First published: Thu Sep 19 2019(Updated: )
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
Credit: Sergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project ZeroSergei Glazunov Google Project Zero product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/webkitgtk | <2.26.0 | 2.26.0 |
| tvOS | <13 | 13 |
| Apple Mobile Safari | <13 | 13 |
| Apple iOS, iPadOS, and watchOS | <13 | 13 |
| Apple iCloud | <10.7 | 10.7 |
| Apple iCloud | <7.14 | 7.14 |
| Apple iTunes | <12.10.1 | 12.10.1 |
| Apple iCloud for Windows | <7.14 | |
| Apple iCloud for Windows | >=10.0<10.7 | |
| Apple iTunes for Windows | <12.10.1 | |
| WebKitGTK+ | <2.26.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT210604 (Advisory)
- https://support.apple.com/en-us/HT210606 (Advisory)
- https://support.apple.com/en-us/HT210608 (Advisory)
- https://support.apple.com/en-us/HT210635 (Advisory)
- https://support.apple.com/en-us/HT210636 (Advisory)
- https://support.apple.com/en-us/HT210637 (Advisory)
- https://security.gentoo.org/glsa/202003-22
- https://support.apple.com/HT210635
- https://support.apple.com/HT210636
- https://support.apple.com/HT210637
- https://access.redhat.com/security/cve/CVE-2019-8625
- https://webkitgtk.org/security/WSA-2019-0005.html
- https://access.redhat.com/errata/RHSA-2020:4035
- https://access.redhat.com/security/cve/cve-2019-8625
- https://access.redhat.com/errata/RHSA-2020:4451
- https://bugzilla.redhat.com/show_bug.cgi?id=1876607
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8747
- CVE-2019-8706
- CVE-2019-8850
- CVE-2019-8753
- CVE-2019-8592
- CVE-2019-8741
- CVE-2019-8705
- CVE-2019-8746
- CVE-2019-8718
- CVE-2019-8703
- CVE-2019-8740
- CVE-2019-8809
- CVE-2019-8712
- CVE-2019-8744
- CVE-2019-8709
- CVE-2019-8717
- CVE-2019-8780
- CVE-2019-8704
- CVE-2019-8749
- CVE-2019-8756
- CVE-2019-8750
- CVE-2019-8799
- CVE-2019-8745
- CVE-2019-8831
- CVE-2019-8625
- CVE-2019-8719
- CVE-2019-8764
- CVE-2019-8707
- CVE-2019-8710
- CVE-2019-8726
- CVE-2019-8728
- CVE-2019-8733
- CVE-2019-8734
- CVE-2019-8735
- CVE-2019-8743
- CVE-2019-8751
- CVE-2019-8752
- CVE-2019-8763
- CVE-2019-8765
- CVE-2019-8766
- CVE-2019-8773
- CVE-2019-8762
- CVE-2020-9932
- CVE-2019-8854
- CVE-2019-8674
- CVE-2019-8711
- CVE-2019-8732
- CVE-2019-8825
- CVE-2019-8760
- CVE-2019-8641
- CVE-2019-8742
- CVE-2019-8730
- CVE-2019-8708
- CVE-2019-8715
- CVE-2019-8731
- CVE-2019-8727
- CVE-2019-8771
- CVE-2019-8768
Frequently Asked Questions
What is CVE-2019-8625?
CVE-2019-8625 is a vulnerability related to a logic issue in WebKit that has been addressed with improved state management.
What is the severity of CVE-2019-8625?
The severity of CVE-2019-8625 is medium with a CVSS score of 6.1.
How does CVE-2019-8625 affect affected software?
CVE-2019-8625 affects software such as Apple iTunes for Windows, iCloud for Windows, and WebKitGTK+ by allowing universal cross-site scripting when processing maliciously crafted web content.
How can I fix CVE-2019-8625?
To fix CVE-2019-8625, update to the fixed versions of the affected software listed in the Apple security advisories: [HT210606](https://support.apple.com/en-us/HT210606), [HT210604](https://support.apple.com/en-us/HT210604), and [HT210608](https://support.apple.com/en-us/HT210608).
What is the CWE classification for CVE-2019-8625?
CVE-2019-8625 is classified under CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability.
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-8625
- agent/software-canonical-lookup
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- alias/CVE-2019-8719
- alias/CVE-2019-8764
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- package-manager/redhat
- vendor/apple
- canonical/tvos
- canonical/apple mobile safari
- canonical/apple ios, ipados, and watchos
- canonical/apple icloud
- canonical/apple itunes
- canonical/apple icloud for windows
- version/apple icloud for windows/10.0
- canonical/apple itunes for windows
- vendor/webkitgtk
- canonical/webkitgtk+