CVE-2019-8827 — Apple Icloud FOR Windows vulnerability

8 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 30.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple IOS AND Ipados Apple Itunes FOR Windows +6 more

Timeline

PublishedOct 27

Latest updateMay 24

Description

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages11 packages

▶CVEListV5apple/icloud_for_windowsunspecified — 7.15+1

▶CVEListV5apple/itunes_for_windowsunspecified — 12.10

▶NVDapple/icloud10.0 — 10.9.2+1

▶CVEListV5apple/tvosunspecified — 13.2

▶NVDapple/tvos< 13.2

🔴Vulnerability Details

GHSA

GHSA-8r87-v426-r4cm: The HTTP referrer header may be used to leak browsing history↗2022-05-24

▶

CVEList

CVE-2019-8827: The HTTP referrer header may be used to leak browsing history↗2020-10-27

▶

📋Vendor Advisories

Apple

CVE-2019-8827: iCloud for Windows 7.15↗2019-10-30

▶

Apple

CVE-2019-8827: iTunes 12.10.2 for Windows↗2019-10-30

▶

Apple

CVE-2019-8827: iOS 13.2 and iPadOS 13.2↗2019-10-28

▶

Apple

CVE-2019-8827: tvOS 13.2↗2019-10-28

▶

Apple

CVE-2019-8827: Safari 13.0.3↗2019-10-28

▶