CVE-2019-8506

Published: Dec 18, 2019Modified: Oct 23, 2025CISA KEV

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Affected (9)

Products: Apple: Icloud, Iphone Os, Itunes, Safari, Tvos, Watchos · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation

6 products

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Apple Icloud	Before 7.11
Apple Iphone Os	Before 12.2
Apple Itunes	Before 12.9.4
Apple Safari	Before 12.1
Apple Tvos	Before 12.2
Apple Watchos	Before 5.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (13)

https://support.apple.com/HT209599

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/HT209601

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/HT209602

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/HT209603

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/HT209604

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/HT209605

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/HT209599

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/HT209601

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/HT209602

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/HT209603

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/HT209604

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/HT209605

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8506

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.