CVE-2019-8766
First published: Tue Sep 24 2019(Updated: )
WebKit. Multiple memory corruption issues were addressed with improved memory handling.
Credit: found by OSS-Fuzz zhunki Codesafe Team of Legendsec at QiDongzhuo Zhao ADLab of VenustechSergei Glazunov Google Project ZeroSamuel Groß Google Project Zeroan anonymous researcher Trend Microcc Trend Micro Zero Day InitiativeJihui Lu Tencent KeenLabJunho Jang LINE Security TeamHanul Choi ABLY CorporationG. Geshev Trend Micro Zero Day InitiativeSoyeon Park SSLab at Georgia TechJunDong Xie Ant product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/webkitgtk | <2.26.0 | 2.26.0 |
| tvOS | <13 | 13 |
| Apple Mobile Safari | <13.0.1 | 13.0.1 |
| Apple iOS, iPadOS, and watchOS | <13.1 | 13.1 |
| Apple iOS, iPadOS, and watchOS | <13.1 | 13.1 |
| Apple iOS, iPadOS, and watchOS | <6.1 | 6.1 |
| Apple iCloud for Windows | <10.8 | |
| Apple iOS, iPadOS, and watchOS | <6.1 | |
| Apple iTunes | <12.10.1 | 12.10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT210603 (Advisory)
- https://support.apple.com/en-us/HT210604 (Advisory)
- https://support.apple.com/en-us/HT210605 (Advisory)
- https://support.apple.com/en-us/HT210635 (Advisory)
- https://support.apple.com/en-us/HT210724 (Advisory)
- https://security.gentoo.org/glsa/202003-22
- https://support.apple.com/HT210724
- https://support.apple.com/HT210727
- https://access.redhat.com/security/cve/CVE-2019-8766
- https://webkitgtk.org/security/WSA-2019-0006.html
- https://access.redhat.com/errata/RHSA-2020:4035
- https://access.redhat.com/security/cve/cve-2019-8766
- https://access.redhat.com/errata/RHSA-2020:4451
- https://bugzilla.redhat.com/show_bug.cgi?id=1876543
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8747
- CVE-2019-8706
- CVE-2019-8850
- CVE-2019-8753
- CVE-2019-8592
- CVE-2019-8741
- CVE-2019-8705
- CVE-2019-8746
- CVE-2019-8718
- CVE-2019-8703
- CVE-2019-8740
- CVE-2019-8809
- CVE-2019-8712
- CVE-2019-8744
- CVE-2019-8709
- CVE-2019-8717
- CVE-2019-8780
- CVE-2019-8704
- CVE-2019-8749
- CVE-2019-8756
- CVE-2019-8750
- CVE-2019-8799
- CVE-2019-8745
- CVE-2019-8831
- CVE-2019-8625
- CVE-2019-8719
- CVE-2019-8764
- CVE-2019-8707
- CVE-2019-8710
- CVE-2019-8726
- CVE-2019-8728
- CVE-2019-8733
- CVE-2019-8734
- CVE-2019-8735
- CVE-2019-8743
- CVE-2019-8751
- CVE-2019-8752
- CVE-2019-8763
- CVE-2019-8765
- CVE-2019-8766
- CVE-2019-8773
- CVE-2019-8762
- CVE-2020-9932
- CVE-2019-8854
- CVE-2019-8654
- CVE-2019-8725
- CVE-2019-8771
- CVE-2019-8774
- CVE-2019-8901
- CVE-2019-8775
- CVE-2019-8769
- CVE-2019-8787
- CVE-2019-8796
- CVE-2019-8803
- CVE-2019-8785
- CVE-2019-8797
- CVE-2017-7152
- CVE-2019-8798
- CVE-2019-8794
- CVE-2019-8786
- CVE-2019-8829
- CVE-2019-8808
- CVE-2019-8811
- CVE-2019-8812
- CVE-2019-8816
- CVE-2019-8820
- CVE-2019-8825
Frequently Asked Questions
What is CVE-2019-8766?
CVE-2019-8766 is a vulnerability that affects WebKit, which is the browser engine used by Apple Safari, iOS, iPadOS, and other Apple products.
How severe is CVE-2019-8766?
CVE-2019-8766 has a severity score of 8.8 out of 10, indicating a high severity.
Which software versions are affected by CVE-2019-8766?
Versions up to and excluding WebKitGTK 2.26.0, watchOS 6.1, and iCloud for Windows 11.0 are affected by CVE-2019-8766.
How can I fix CVE-2019-8766?
To fix CVE-2019-8766, update to WebKitGTK 2.26.0, watchOS 6.1, or iCloud for Windows 11.0 or later versions.
Where can I find more information about CVE-2019-8766?
More information about CVE-2019-8766 can be found on the Apple support website: [https://support.apple.com/en-us/HT210603](https://support.apple.com/en-us/HT210603), [https://support.apple.com/en-us/HT210604](https://support.apple.com/en-us/HT210604), [https://support.apple.com/en-us/HT210635](https://support.apple.com/en-us/HT210635).
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-8766
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- alias/CVE-2019-8710
- alias/CVE-2019-8726
- alias/CVE-2019-8728
- alias/CVE-2019-8733
- alias/CVE-2019-8734
- alias/CVE-2019-8735
- alias/CVE-2019-8743
- alias/CVE-2019-8751
- alias/CVE-2019-8752
- alias/CVE-2019-8763
- alias/CVE-2019-8765
- alias/CVE-2019-8773
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- alias/CVE-2019-8808
- alias/CVE-2019-8811
- alias/CVE-2019-8812
- alias/CVE-2019-8816
- alias/CVE-2019-8820
- collector/nvd-index
- package-manager/redhat
- vendor/apple
- canonical/tvos
- canonical/apple mobile safari
- canonical/apple ios, ipados, and watchos
- canonical/apple icloud for windows
- canonical/apple itunes