CVE-2019-8898 — Insecure Storage of Sensitive Information in Apple IOS AND Ipados

CWE-922 — Insecure Storage of Sensitive Information7 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 36.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Itunes FOR Windows Apple Safari +4 more

Timeline

PublishedOct 27

Latest updateMay 24

Description

An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages9 packages

▶CVEListV5apple/itunes_for_windowsunspecified — 12.10

▶CVEListV5apple/tvosunspecified — 13.3

▶NVDapple/tvos< 13.3

▶CVEListV5apple/safariunspecified — 13.0

▶NVDapple/ipados< 13.3

🔴Vulnerability Details

GHSA

GHSA-755j-9m6f-vcw9: An information disclosure issue existed in the handling of the Storage Access API↗2022-05-24

▶

CVEList

CVE-2019-8898: An information disclosure issue existed in the handling of the Storage Access API↗2020-10-27

▶

📋Vendor Advisories

Apple

CVE-2019-8898: iTunes 12.10.3 for Windows↗2019-12-11

▶

Apple

CVE-2019-8898: Safari 13.0.4↗2019-12-10

▶

Apple

CVE-2019-8898: tvOS 13.3↗2019-12-10

▶

Apple

CVE-2019-8898: iOS 13.3 and iPadOS 13.3↗2019-12-10

▶