CVE-2019-8505: XSS

Q: What is CVE-2019-8505?

CVE-2019-8505 is a vulnerability in Safari Reader that allows universal cross-site scripting through a maliciously crafted webpage.

Q: What is the severity level of CVE-2019-8505?

CVE-2019-8505 has a severity level of medium (6.1).

Q: How does CVE-2019-8505 impact me?

CVE-2019-8505 could potentially allow an attacker to execute arbitrary code on your device if they can get you to visit a maliciously crafted webpage.

Q: How can I fix CVE-2019-8505?

To fix CVE-2019-8505, make sure your iOS and Safari are updated to version 12.2 or later.

Q: Where can I find more information about CVE-2019-8505?

You can find more information about CVE-2019-8505 on the Apple support page.

Published Mar 25, 2019

Updated

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.

Other sources

Safari Reader. A logic issue was addressed with improved validation.

Credit

Ryan Pickren (ryanpickren.com)

Affected Software

4 affected componentsFixes available

Safari<12.1

12.1

Apple iOS and iPadOS<12.2

12.2

Safari<12.1

iPhone OS<12.2

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2019-8505?

CVE-2019-8505 is a vulnerability in Safari Reader that allows universal cross-site scripting through a maliciously crafted webpage.

What is the severity level of CVE-2019-8505?