CVE-2019-8752
First published: Thu Sep 19 2019(Updated: )
WebKit. Multiple memory corruption issues were addressed with improved memory handling.
Credit: found by OSS-Fuzz zhunki Codesafe Team of Legendsec at QiDongzhuo Zhao ADLab of VenustechDongzhuo Zhao ADLab of VenustechSergei Glazunov Google Project ZeroSamuel Groß Google Project Zerofound by OSS-Fuzz found by OSS-Fuzz an anonymous researcher Trend Microcc Trend Micro Zero Day Initiativefound by OSS-Fuzz Jihui Lu Tencent KeenLabJunho Jang LINE Security TeamHanul Choi ABLY CorporationSergei Glazunov Google Project Zerofound by OSS-Fuzz G. Geshev Trend Micro Zero Day Initiativezhunki Codesafe Team of Legendsec at QiDongzhuo Zhao ADLab of VenustechDongzhuo Zhao ADLab of VenustechSergei Glazunov Google Project ZeroSamuel Groß Google Project Zerofound by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz zhunki Codesafe Team of Legendsec at QiDongzhuo Zhao ADLab of VenustechDongzhuo Zhao ADLab of VenustechSergei Glazunov Google Project ZeroSamuel Groß Google Project Zerofound by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz Junho Jang LINE Security TeamHanul Choi ABLY Corporationfound by OSS-Fuzz Dongzhuo Zhao ADLab of VenustechDongzhuo Zhao ADLab of Venustechfound by OSS-Fuzz an anonymous researcher Trend Microcc Trend Micro Zero Day Initiativefound by OSS-Fuzz Jihui Lu Tencent KeenLabJunho Jang LINE Security TeamHanul Choi ABLY CorporationSergei Glazunov Google Project Zerofound by OSS-Fuzz G. Geshev Trend Micro Zero Day Initiativezhunki Codesafe Team of Legendsec at QiDongzhuo Zhao ADLab of VenustechDongzhuo Zhao ADLab of VenustechSergei Glazunov Google Project ZeroSamuel Groß Google Project Zerofound by OSS-Fuzz found by OSS-Fuzz an anonymous researcher Trend Microcc Trend Micro Zero Day InitiativeJihui Lu Tencent KeenLabJunho Jang LINE Security TeamHanul Choi ABLY CorporationSergei Glazunov Google Project Zerofound by OSS-Fuzz G. Geshev Trend Micro Zero Day Initiativezhunki Codesafe Team of Legendsec at QiDongzhuo Zhao ADLab of VenustechDongzhuo Zhao ADLab of VenustechSergei Glazunov Google Project ZeroSamuel Groß Google Project Zerofound by OSS-Fuzz an anonymous researcher Trend Microcc Trend Micro Zero Day InitiativeJihui Lu Tencent KeenLabJunho Jang LINE Security TeamHanul Choi ABLY CorporationSergei Glazunov Google Project Zerofound by OSS-Fuzz G. Geshev Trend Micro Zero Day Initiativezhunki Codesafe Team of Legendsec at QiDongzhuo Zhao ADLab of VenustechDongzhuo Zhao ADLab of VenustechSergei Glazunov Google Project ZeroSamuel Groß Google Project Zerofound by OSS-Fuzz product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | <13.0.1 | 13.0.1 |
| Apple iCloud for Windows | <10.7 | 10.7 |
| Apple iTunes for Windows | <12.10.1 | 12.10.1 |
| Apple iCloud for Windows | <7.14 | 7.14 |
| Apple watchOS | <6 | 6 |
| Apple tvOS | <13 | 13 |
| Apple iOS | <13.1 | 13.1 |
| Apple iPadOS | <13.1 | 13.1 |
| Apple Icloud Windows | <7.14 | |
| Apple Icloud Windows | >=10.0<10.7 | |
| Apple Itunes Windows | <12.10.1 | |
| Apple Safari | <13.0.1 | |
| Apple Ipad Os | <13.1 | |
| Apple iPhone OS | <13.1 | |
| Apple tvOS | <13 | |
| Apple watchOS | <6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT210603 (Advisory)
- https://support.apple.com/en-us/HT210604 (Advisory)
- https://support.apple.com/en-us/HT210605 (Advisory)
- https://support.apple.com/en-us/HT210607 (Advisory)
- https://support.apple.com/en-us/HT210635 (Advisory)
- https://support.apple.com/en-us/HT210636 (Advisory)
- https://support.apple.com/en-us/HT210637 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8654
- CVE-2019-8725
- CVE-2019-8771
- CVE-2019-8710
- CVE-2019-8743
- CVE-2019-8751
- CVE-2019-8752
- CVE-2019-8763
- CVE-2019-8765
- CVE-2019-8766
- CVE-2019-8773
- CVE-2019-8764
- CVE-2019-8762
- CVE-2020-9932
- CVE-2019-8741
- CVE-2019-8825
- CVE-2019-8746
- CVE-2019-8749
- CVE-2019-8756
- CVE-2019-8745
- CVE-2019-8625
- CVE-2019-8719
- CVE-2019-8707
- CVE-2019-8726
- CVE-2019-8728
- CVE-2019-8733
- CVE-2019-8734
- CVE-2019-8735
- CVE-2019-8750
- CVE-2019-8706
- CVE-2019-8850
- CVE-2019-8753
- CVE-2019-8705
- CVE-2019-8718
- CVE-2019-8703
- CVE-2019-8740
- CVE-2019-8809
- CVE-2019-8712
- CVE-2019-8744
- CVE-2019-8709
- CVE-2019-8717
- CVE-2019-8799
- CVE-2019-8831
- CVE-2019-8854
- CVE-2019-8747
- CVE-2019-8592
- CVE-2019-8780
- CVE-2019-8704
- CVE-2019-8774
- CVE-2019-8901
- CVE-2019-8775
- CVE-2019-8769
Frequently Asked Questions
What is CVE-2019-8752?
CVE-2019-8752 is a vulnerability in WebKit that allows processing malicious web content to trigger memory corruption.
What is the severity level of CVE-2019-8752?
CVE-2019-8752 has a severity level of 8.8, which is considered high.
Which software products are affected by CVE-2019-8752?
CVE-2019-8752 affects the following software products: Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows.
How can I fix CVE-2019-8752?
To fix CVE-2019-8752, update the affected software to the recommended versions: Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Check the provided references for more information.
Where can I find more information about CVE-2019-8752?
You can find more information about CVE-2019-8752 at the following references provided by Apple: [Reference 1](https://support.apple.com/en-us/HT210603), [Reference 2](https://support.apple.com/en-us/HT210604), [Reference 3](https://support.apple.com/en-us/HT210605).
- collector/apple-support
- alias/CVE-2019-8743
- alias/CVE-2019-8751
- alias/CVE-2019-8752
- alias/CVE-2019-8763
- alias/CVE-2019-8765
- alias/CVE-2019-8766
- alias/CVE-2019-8773
- alias/CVE-2019-8726
- alias/CVE-2019-8728
- alias/CVE-2019-8733
- alias/CVE-2019-8734
- alias/CVE-2019-8735
- alias/CVE-2019-8710
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/software-canonical-lookup-request
- agent/references
- agent/event
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple safari
- canonical/apple icloud for windows
- canonical/apple itunes for windows
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- canonical/apple ipados
- canonical/apple icloud windows
- version/apple icloud windows/10.0
- canonical/apple itunes windows
- canonical/apple ipad os
- canonical/apple iphone os