ID

VAR-201912-0580


CVE

CVE-2019-8654


TITLE

Safari Inconsistent user interface vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013277

DESCRIPTION

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing.

Apple Safari is Apple's web browser, the default browser included with the Mac OS X and iOS operating systems. A security vulnerability exists in versions of Apple Safari prior to 13.0.1.

CVE-2019-8654: Juno Im (@junorouse) of Theori

Service Workers
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
Impact: Service workers may leak private browsing history
Description: The issue was addressed with improved handling of service worker lifetime.
CVE-2019-8725: Michael Thwaite of Connect Media

Additional recognition

Safari
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) of TurkishKit for their assistance.

Installation note: Safari 13.0.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.8

sources: NVD: CVE-2019-8654 // JVNDB: JVNDB-2019-013277 // VULHUB: VHN-160089 // PACKETSTORM: 154657

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: lt, version: 13.0.1

Trust: 1.0

vendor: apple, model: safari, scope: lt, version: 13.0.1 (macos high sierra 10.13.6)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 13.0.1 (macos mojave 10.14.6)

Trust: 0.8

sources: JVNDB: JVNDB-2019-013277 // NVD: CVE-2019-8654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8654
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-8654
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-1293
value: MEDIUM

Trust: 0.6

VULHUB: VHN-160089
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8654
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-160089
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8654
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-8654
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160089 // JVNDB: JVNDB-2019-013277 // CNNVD: CNNVD-201909-1293 // NVD: CVE-2019-8654

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-160089 // JVNDB: JVNDB-2019-013277 // NVD: CVE-2019-8654

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1293

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1293

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013277

PATCH

title: HT210605, url: https://support.apple.com/en-us/HT210605

Trust: 0.8

title: HT210605, url: https://support.apple.com/ja-jp/HT210605

Trust: 0.8

title: Apple Safari Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98680

Trust: 0.6

sources: JVNDB: JVNDB-2019-013277 // CNNVD: CNNVD-201909-1293

EXTERNAL IDS

db: NVD, id: CVE-2019-8654

Trust: 2.6

db: PACKETSTORM, id: 154657

Trust: 0.8

db: JVN, id: JVNVU98778455

Trust: 0.8

db: JVNDB, id: JVNDB-2019-013277

Trust: 0.8

db: CNNVD, id: CNNVD-201909-1293

Trust: 0.7

db: AUSCERT, id: ESB-2019.3649

Trust: 0.6

db: VULHUB, id: VHN-160089

Trust: 0.1

sources: VULHUB: VHN-160089 // JVNDB: JVNDB-2019-013277 // PACKETSTORM: 154657 // CNNVD: CNNVD-201909-1293 // NVD: CVE-2019-8654

REFERENCES

url:https://support.apple.com/ht210605

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-8654

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8654

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98778455/

Trust: 0.8

url:https://support.apple.com/en-au/ht210605

Trust: 0.6

url:https://packetstormsecurity.com/files/154657/apple-security-advisory-2019-9-26-9.html

Trust: 0.6

url:https://support.apple.com/en-us/ht210605

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3649/

Trust: 0.6

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8725

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

sources: VULHUB: VHN-160089 // JVNDB: JVNDB-2019-013277 // PACKETSTORM: 154657 // CNNVD: CNNVD-201909-1293 // NVD: CVE-2019-8654

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 154657 // CNNVD: CNNVD-201909-1293

SOURCES

db: VULHUB, id: VHN-160089
db: JVNDB, id: JVNDB-2019-013277
db: PACKETSTORM, id: 154657
db: CNNVD, id: CNNVD-201909-1293
db: NVD, id: CVE-2019-8654

LAST UPDATE DATE

2024-11-23T20:53:19.627000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-160089, date: 2019-12-19T00:00:00
db: JVNDB, id: JVNDB-2019-013277, date: 2019-12-25T00:00:00
db: CNNVD, id: CNNVD-201909-1293, date: 2021-10-29T00:00:00
db: NVD, id: CVE-2019-8654, date: 2024-11-21T04:50:14.277

SOURCES RELEASE DATE

db: VULHUB, id: VHN-160089, date: 2019-12-18T00:00:00
db: JVNDB, id: JVNDB-2019-013277, date: 2019-12-25T00:00:00
db: PACKETSTORM, id: 154657, date: 2019-09-29T17:32:22
db: CNNVD, id: CNNVD-201909-1293, date: 2019-09-27T00:00:00
db: NVD, id: CVE-2019-8654, date: 2019-12-18T18:15:31.350