CVE-2019-8789
First published: Mon Oct 28 2019(Updated: )
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.
Credit: Gertjan Franken imecKU Leuven Gertjan Franken imecKU Leuven product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPadOS | <13.2 | |
| Apple iPhone OS | <13.2 | |
| Apple Mac OS X | <10.15.1 | |
| Apple iOS | <13.2 | 13.2 |
| Apple iPadOS | <13.2 | 13.2 |
| Apple macOS Catalina | <10.15.1 | 10.15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8787
- CVE-2019-8796
- CVE-2019-8803
- CVE-2019-8788
- CVE-2019-8785
- CVE-2019-8797
- CVE-2019-8795
- CVE-2019-8789
- CVE-2017-7152
- CVE-2019-8798
- CVE-2019-8784
- CVE-2019-8794
- CVE-2019-8786
- CVE-2019-8829
- CVE-2019-8804
- CVE-2019-8793
- CVE-2019-8813
- CVE-2019-8782
- CVE-2019-8783
- CVE-2019-8808
- CVE-2019-8811
- CVE-2019-8812
- CVE-2019-8814
- CVE-2019-8816
- CVE-2019-8819
- CVE-2019-8820
- CVE-2019-8821
- CVE-2019-8822
- CVE-2019-8823
- CVE-2019-8827
- CVE-2019-8815
- CVE-2019-15126
- CVE-2019-8748
- CVE-2019-11041
- CVE-2019-11042
- CVE-2019-8824
- CVE-2019-8817
- CVE-2019-8716
- CVE-2019-8706
- CVE-2019-8850
- CVE-2019-8592
- CVE-2019-8705
- CVE-2019-8825
- CVE-2019-8736
- CVE-2019-8767
- CVE-2019-8737
- CVE-2019-8509
- CVE-2019-8746
- CVE-2018-12152
- CVE-2018-12153
- CVE-2018-12154
- CVE-2019-8807
- CVE-2019-8759
- CVE-2019-8801
- CVE-2019-8709
- CVE-2019-8717
- CVE-2019-8744
- CVE-2019-8749
- CVE-2019-8756
- CVE-2019-8750
- CVE-2019-8802
- CVE-2019-8772
- CVE-2019-8708
- CVE-2019-8715
- CVE-2019-8858
- CVE-2019-8805
- CVE-2019-8754
- CVE-2019-8745
- CVE-2019-8831
- CVE-2019-8761
Frequently Asked Questions
What is CVE-2019-8789?
CVE-2019-8789 is a validation issue that existed in the handling of symlinks, which could lead to the disclosure of user information when parsing a maliciously crafted iBooks file.
Which Apple products are affected by CVE-2019-8789?
iOS versions up to 13.2, iPadOS versions up to 13.2, and macOS Catalina versions up to 10.15.1 are affected by CVE-2019-8789.
How severe is CVE-2019-8789?
CVE-2019-8789 has a severity rating of medium and a CVSS score of 5.5.
How can I fix CVE-2019-8789?
CVE-2019-8789 has been fixed in iOS 13.2 and iPadOS 13.2, as well as macOS Catalina 10.15.1. To protect yourself, make sure to update your devices to the latest software version.
Where can I find more information about CVE-2019-8789?
You can find more information about CVE-2019-8789 on the Apple support website. Here are some useful links: [Support Article 1](https://support.apple.com/en-us/HT210721), [Support Article 2](https://support.apple.com/en-us/HT210722), [Support Article 3](https://support.apple.com/HT210721).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple ios
- canonical/apple ipados
- canonical/apple macos catalina
- canonical/apple iphone os
- canonical/apple mac os x