CVE-2019-8771
First published: Thu Sep 19 2019(Updated: )
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.
Credit: Eliya Stein ConfiantEliya Stein Confiant product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | <13.0.1 | 13.0.1 |
| redhat/webkitgtk | <2.26.0 | 2.26.0 |
| Apple Safari | <13.0.1 | |
| Apple iPhone OS | <13.0. | |
| Apple iOS | <13 | 13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT210605 (Advisory)
- https://support.apple.com/en-us/HT210606 (Advisory)
- https://access.redhat.com/security/cve/CVE-2019-8771
- https://webkitgtk.org/security/WSA-2019-0005.html
- https://access.redhat.com/errata/RHSA-2020:4035
- https://access.redhat.com/security/cve/cve-2019-8771
- https://access.redhat.com/errata/RHSA-2020:4451
- https://bugzilla.redhat.com/show_bug.cgi?id=1876619
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8654
- CVE-2019-8725
- CVE-2019-8771
- CVE-2019-8710
- CVE-2019-8743
- CVE-2019-8751
- CVE-2019-8752
- CVE-2019-8763
- CVE-2019-8765
- CVE-2019-8766
- CVE-2019-8773
- CVE-2019-8764
- CVE-2019-8762
- CVE-2020-9932
- CVE-2019-8711
- CVE-2019-8732
- CVE-2019-8753
- CVE-2019-8705
- CVE-2019-8592
- CVE-2019-8741
- CVE-2019-8825
- CVE-2019-8760
- CVE-2019-8641
- CVE-2019-8746
- CVE-2019-8718
- CVE-2019-8703
- CVE-2019-8809
- CVE-2019-8709
- CVE-2019-8712
- CVE-2019-8744
- CVE-2019-8717
- CVE-2019-8704
- CVE-2019-8749
- CVE-2019-8756
- CVE-2019-8742
- CVE-2019-8730
- CVE-2019-8708
- CVE-2019-8715
- CVE-2019-8731
- CVE-2019-8727
- CVE-2019-8745
- CVE-2019-8625
- CVE-2019-8719
- CVE-2019-8707
- CVE-2019-8726
- CVE-2019-8728
- CVE-2019-8733
- CVE-2019-8734
- CVE-2019-8735
- CVE-2019-8768
- CVE-2019-8674
- CVE-2019-8854
Frequently Asked Questions
What is the severity of CVE-2019-8771?
The severity of CVE-2019-8771 is medium with a CVSS score of 6.1.
Which products are affected by CVE-2019-8771?
The affected products include Apple Safari versions up to and excluding 13.0.1, Apple iOS versions up to and excluding 13, and Red Hat WebKitGTK version up to and excluding 2.26.0.
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2019-8771.
How can the vulnerability in CVE-2019-8771 be fixed?
To fix the vulnerability in CVE-2019-8771, update to Safari 13.0.1, iOS 13, or WebKitGTK 2.26.0.
Where can I find more information about CVE-2019-8771?
More information about CVE-2019-8771 can be found at the following references: [Apple Support](https://support.apple.com/en-us/HT210605), [Apple Support](https://support.apple.com/en-us/HT210606), [Red Hat Security](https://access.redhat.com/security/cve/CVE-2019-8771).
- collector/apple-support
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-8771
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple safari
- canonical/apple iphone os
- canonical/apple ios
- package-manager/redhat