What is CVE-2019-8671?

CVE-2019-8671 is a vulnerability in WebKit that allows processing maliciously crafted web content to lead to arbitrary code execution.

Which software versions are affected by CVE-2019-8671?

CVE-2019-8671 affects WebKitGTK versions up to 2.24.2, iTunes for Windows up to version 12.9.6, iCloud for Windows up to version 7.13, iCloud for Windows from version 10.0 to 10.6, Safari up to version 12.1.2, iOS up to version 12.4, macOS Mojave up to version 10.14.6, and tvOS up to version 12.4.

What is the severity of CVE-2019-8671?

CVE-2019-8671 has a severity rating of 8.8 (high).

How can I fix CVE-2019-8671 in WebKitGTK?

To fix CVE-2019-8671 in WebKitGTK, update to version 2.24.2.

Where can I find more information about CVE-2019-8671?

More information about CVE-2019-8671 can be found at the following references: [Link 1](https://support.apple.com/en-us/HT210348), [Link 2](https://support.apple.com/en-us/HT210351), [Link 3](https://support.apple.com/en-us/HT210357).

Vulnerability/
CVE-2019-8671

high

8.8

CWE

787

22/7/2019

18/12/2019

16/2/2021

CVE-2019-8671

First published: Mon Jul 22 2019(Updated: )

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Credit: G. Geshev Trend MicroZongming Wang (王宗明) Zhe Jin (金哲) Chengdu Security Response Center of Qihoo 360 Technology Coakayn Trend MicroApple Samuel Groß Google Project ZeroSoyeon Park Wen Xu SSLab at Georgia TechSoyeon Park Wen Xu SSLab at Georgia TechJihui Lu Tencent KeenLabAnthony Lai @darkfloyd1014 KnownsecKen Wong @wwkenwong VXRLJeonghoon Shin @singi21a TheoriJohnny Yu @straight_blast VX Browser Exploitation GroupChris Chan @dr4g0nfl4me VX Browser Exploitation GroupPhil Mok @shadyhamsters VX Browser Exploitation GroupAlan Ho @alan_h0 KnownsecByron Wai VX Browser ExploitationP1umer ADLab of VenustechJihui Lu Tencent KeenLabJihui Lu Tencent KeenLabG. Geshev Trend Micro Zero Day Initiativelokihardt Google Project Zerolokihardt Google Project Zeroakayn Dongzhuo Zhao ADLab of VenustechKen Wong @wwkenwong VXRLAnthony Lai @darkfloyd1014 VXRL Eric Lung @Khlung1 VXRLG. Geshev Trend MicroApple Insu Yun SSLab at Georgia Techlokihardt Google Project ZeroG. Geshev Trend MicroZongming Wang (王宗明) Zhe Jin (金哲) Chengdu Security Response Center of Qihoo 360 Technology Coakayn Trend MicroApple Samuel Groß Google Project ZeroSoyeon Park Wen Xu SSLab at Georgia TechSoyeon Park Wen Xu SSLab at Georgia TechJihui Lu Tencent KeenLaban anonymous researcher Anthony Lai @darkfloyd1014 KnownsecKen Wong @wwkenwong VXRLJeonghoon Shin @singi21a TheoriJohnny Yu @straight_blast VX Browser Exploitation GroupChris Chan @dr4g0nfl4me VX Browser Exploitation GroupPhil Mok @shadyhamsters VX Browser Exploitation GroupAlan Ho @alan_h0 KnownsecByron Wai VX Browser ExploitationJihui Lu Tencent KeenLabJihui Lu Tencent KeenLabG. Geshev Trend Micro Zero Day Initiativelokihardt Google Project Zerolokihardt Google Project Zeroakayn Dongzhuo Zhao ADLab of VenustechKen Wong @wwkenwong VXRLAnthony Lai @darkfloyd1014 VXRL Eric Lung @Khlung1 VXRLG. Geshev Trend MicroApple Insu Yun SSLab at Georgia Techlokihardt Google Project ZeroG. Geshev Trend MicroZongming Wang (王宗明) Zhe Jin (金哲) Chengdu Security Response Center of Qihoo 360 Technology Coakayn Trend MicroApple Samuel Groß Google Project ZeroSoyeon Park Wen Xu SSLab at Georgia TechSoyeon Park Wen Xu SSLab at Georgia TechJihui Lu Tencent KeenLabAnthony Lai @darkfloyd1014 KnownsecKen Wong @wwkenwong VXRLJeonghoon Shin @singi21a TheoriJohnny Yu @straight_blast VX Browser Exploitation GroupChris Chan @dr4g0nfl4me VX Browser Exploitation GroupPhil Mok @shadyhamsters VX Browser Exploitation GroupAlan Ho @alan_h0 KnownsecByron Wai VX Browser ExploitationP1umer ADLab of VenustechJihui Lu Tencent KeenLabJihui Lu Tencent KeenLabG. Geshev Trend Micro Zero Day Initiativelokihardt Google Project Zerolokihardt Google Project Zeroakayn Dongzhuo Zhao ADLab of VenustechKen Wong @wwkenwong VXRLAnthony Lai @darkfloyd1014 VXRL Eric Lung @Khlung1 VXRLG. Geshev Trend MicroApple Insu Yun SSLab at Georgia Techlokihardt Google Project ZeroG. Geshev Trend MicroZongming Wang (王宗明) Zhe Jin (金哲) Chengdu Security Response Center of Qihoo 360 Technology Coakayn Trend MicroApple Samuel Groß Google Project ZeroSoyeon Park Wen Xu SSLab at Georgia TechSoyeon Park Wen Xu SSLab at Georgia TechJihui Lu Tencent KeenLabAnthony Lai @darkfloyd1014 KnownsecKen Wong @wwkenwong VXRLJeonghoon Shin @singi21a TheoriJohnny Yu @straight_blast VX Browser Exploitation GroupChris Chan @dr4g0nfl4me VX Browser Exploitation GroupPhil Mok @shadyhamsters VX Browser Exploitation GroupAlan Ho @alan_h0 KnownsecByron Wai VX Browser ExploitationP1umer ADLab of VenustechJihui Lu Tencent KeenLabJihui Lu Tencent KeenLabG. Geshev Trend Micro Zero Day Initiativelokihardt Google Project Zerolokihardt Google Project Zeroakayn Dongzhuo Zhao ADLab of VenustechKen Wong @wwkenwong VXRLAnthony Lai @darkfloyd1014 VXRL Eric Lung @Khlung1 VXRLG. Geshev Trend MicroApple Insu Yun SSLab at Georgia Techlokihardt Google Project ZeroG. Geshev Trend MicroZongming Wang (王宗明) Zhe Jin (金哲) Chengdu Security Response Center of Qihoo 360 Technology Coakayn Trend MicroApple Samuel Groß Google Project ZeroSoyeon Park Wen Xu SSLab at Georgia TechSoyeon Park Wen Xu SSLab at Georgia TechJihui Lu Tencent KeenLabAnthony Lai @darkfloyd1014 KnownsecKen Wong @wwkenwong VXRLJeonghoon Shin @singi21a TheoriJohnny Yu @straight_blast VX Browser Exploitation GroupChris Chan @dr4g0nfl4me VX Browser Exploitation GroupPhil Mok @shadyhamsters VX Browser Exploitation GroupAlan Ho @alan_h0 KnownsecByron Wai VX Browser ExploitationP1umer ADLab of VenustechJihui Lu Tencent KeenLabJihui Lu Tencent KeenLabG. Geshev Trend Micro Zero Day Initiativelokihardt Google Project Zerolokihardt Google Project Zeroakayn Dongzhuo Zhao ADLab of VenustechKen Wong @wwkenwong VXRLAnthony Lai @darkfloyd1014 VXRL Eric Lung @Khlung1 VXRLG. Geshev Trend MicroApple Insu Yun SSLab at Georgia Techlokihardt Google Project ZeroG. Geshev Trend MicroZongming Wang (王宗明) Zhe Jin (金哲) Chengdu Security Response Center of Qihoo 360 Technology Coakayn Trend MicroApple Samuel Groß Google Project ZeroSoyeon Park Wen Xu SSLab at Georgia TechSoyeon Park Wen Xu SSLab at Georgia TechJihui Lu Tencent KeenLabAnthony Lai @darkfloyd1014 KnownsecKen Wong @wwkenwong VXRLJeonghoon Shin @singi21a TheoriJohnny Yu @straight_blast VX Browser Exploitation GroupChris Chan @dr4g0nfl4me VX Browser Exploitation GroupPhil Mok @shadyhamsters VX Browser Exploitation GroupAlan Ho @alan_h0 KnownsecByron Wai VX Browser ExploitationP1umer ADLab of VenustechJihui Lu Tencent KeenLabJihui Lu Tencent KeenLabG. Geshev Trend Micro Zero Day Initiativelokihardt Google Project Zerolokihardt Google Project Zeroakayn Dongzhuo Zhao ADLab of VenustechKen Wong @wwkenwong VXRLAnthony Lai @darkfloyd1014 VXRL Eric Lung @Khlung1 VXRLG. Geshev Trend MicroApple Insu Yun SSLab at Georgia Techlokihardt Google Project Zero product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iTunes for Windows	<12.9.6	12.9.6
Apple iCloud for Windows	<7.13	7.13
Apple iCloud for Windows	<10.6	10.6
Apple macOS Mojave	<10.14.6	10.14.6
Apple High Sierra
Apple Sierra
Apple tvOS	<12.4	12.4
Apple iOS	<12.4	12.4
redhat/webkitgtk	<2.24.2	2.24.2
Apple Icloud Windows	<7.13
Apple Icloud Windows	>=10.0<10.6
Apple Itunes Windows	<12.9.6
Apple Safari	<12.1.2
Apple iPhone OS	<12.4
Apple Mac OS X	<10.14.6
Apple tvOS	<12.4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2019-8671?
CVE-2019-8671 is a vulnerability in WebKit that allows processing maliciously crafted web content to lead to arbitrary code execution.
Which software versions are affected by CVE-2019-8671?
CVE-2019-8671 affects WebKitGTK versions up to 2.24.2, iTunes for Windows up to version 12.9.6, iCloud for Windows up to version 7.13, iCloud for Windows from version 10.0 to 10.6, Safari up to version 12.1.2, iOS up to version 12.4, macOS Mojave up to version 10.14.6, and tvOS up to version 12.4.
What is the severity of CVE-2019-8671?
CVE-2019-8671 has a severity rating of 8.8 (high).
How can I fix CVE-2019-8671 in WebKitGTK?
To fix CVE-2019-8671 in WebKitGTK, update to version 2.24.2.
Where can I find more information about CVE-2019-8671?
More information about CVE-2019-8671 can be found at the following references: [Link 1](https://support.apple.com/en-us/HT210348), [Link 2](https://support.apple.com/en-us/HT210351), [Link 3](https://support.apple.com/en-us/HT210357).

collector/apple-support
alias/CVE-2019-8666
alias/CVE-2019-8669
alias/CVE-2019-8671
alias/CVE-2019-8672
alias/CVE-2019-8673
alias/CVE-2019-8676
alias/CVE-2019-8677
alias/CVE-2019-8678
alias/CVE-2019-8679
alias/CVE-2019-8680
alias/CVE-2019-8681
alias/CVE-2019-8683
alias/CVE-2019-8684
alias/CVE-2019-8685
alias/CVE-2019-8686
alias/CVE-2019-8687
alias/CVE-2019-8688
alias/CVE-2019-8689
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/software-canonical-lookup-request
agent/author
agent/weakness
agent/severity
agent/references
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
agent/event
agent/tags
agent/description
collector/nvd-index
vendor/apple
canonical/apple itunes for windows
canonical/apple icloud for windows
canonical/apple macos mojave
canonical/apple high sierra
canonical/apple sierra
canonical/apple tvos
canonical/apple ios
package-manager/redhat
canonical/apple icloud windows
version/apple icloud windows/10.0
canonical/apple itunes windows
canonical/apple safari
canonical/apple iphone os
canonical/apple mac os x