CVE-2019-8654: Input Validation

Q: What is CVE-2019-8654?

CVE-2019-8654 is a vulnerability in Safari that allows user interface spoofing when visiting a malicious website.

Q: How does CVE-2019-8654 affect Safari?

CVE-2019-8654 affects Safari versions up to and including 13.0.1.

Q: What is the severity of CVE-2019-8654?

CVE-2019-8654 has a severity rating of 6.5 (medium).

Q: How can I fix CVE-2019-8654?

To fix CVE-2019-8654, update Safari to version 13.0.1 or later.

Q: Where can I find more information about CVE-2019-8654?

More information about CVE-2019-8654 can be found on the Apple support website at [https://support.apple.com/en-us/HT210605](https://support.apple.com/en-us/HT210605) and [https://support.apple.com/HT210605](https://support.apple.com/HT210605).

Published Sep 24, 2019

Updated

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing.

Other sources

Safari. An inconsistent user interface issue was addressed with improved state management.

Credit

Juno Im@@junorouse(Theori)

Affected Software

2 affected componentsFixes available

Safari<13.0.1

13.0.1

Safari<13.0.1

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT210605

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2019-8654?

CVE-2019-8654 is a vulnerability in Safari that allows user interface spoofing when visiting a malicious website.

How does CVE-2019-8654 affect Safari?