About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
Requires iOS 9.0 or later. Compatible with iPhone 5S, iPhone 6, iPhone 6 Plus, iPhone 6S, iPhone 6S Plus, iPhone SE (1st generation), iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone XS, iPhone XS Max, iPhone XR, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone SE (2nd generation), iPad Air, iPad Air Wi‑Fi + Cellular, iPad mini 2, iPad mini 2 Wi‑Fi.
For more information about security, see the Apple Product Security page.
Mac App Store is the simplest way to find and download apps for your Mac. To download apps from the Mac App Store, you need a Mac with OS X 10.6.6 or later. Download macOS Catalina for an all‑new entertainment experience. Your music, TV shows, movies, podcasts, and audiobooks will transfer automatically to the Apple Music, Apple TV, Apple Podcasts, and Apple Books apps where you’ll still have access to your favorite iTunes features, including purchases, rentals, and imports. Mac OS X Snow Leopard (version 10.6) is the seventh major release of Mac OS X (now named macOS), Apple's desktop and server operating system for Macintosh computers. Snow Leopard was publicly unveiled on June 8, 2009 at the Apple Worldwide Developers Conference.On August 28, 2009, it was released worldwide, and was made available for purchase from Apple's website and its retail stores at.
iCloud for Windows 10.6
Released July 23, 2019
libxslt
Available for: Windows 10 and later via the Microsoft Store
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input validation.
CVE-2019-13118: found by OSS-Fuzz
WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative
WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue existed in the handling of document loads. This issue was addressed with improved state management.
CVE-2019-8690: Sergei Glazunov of Google Project Zero
WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-8644: G. Geshev working with Trend Micro's Zero Day Initiative
CVE-2019-8666: Zongming Wang (王宗明) and Zhe Jin (金哲) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.
CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative
CVE-2019-8671: Apple
CVE-2019-8672: Samuel Groß of Google Project Zero
CVE-2019-8673: Soyeon Park and Wen Xu of SSLab at Georgia Tech
CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech
CVE-2019-8677: Jihui Lu of Tencent KeenLab
CVE-2019-8678: Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu (@straight_blast) of VX Browser Exploitation Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan_h0) of Knownsec, Byron Wai of VX Browser Exploitation, P1umer of ADLab of Venustech
CVE-2019-8679: Jihui Lu of Tencent KeenLab
CVE-2019-8680: Jihui Lu of Tencent KeenLab
CVE-2019-8681: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8683: lokihardt of Google Project Zero
CVE-2019-8684: lokihardt of Google Project Zero
CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL
CVE-2019-8686: G. Geshev working with Trend Micro's Zero Day Initiative
CVE-2019-8687: Apple
CVE-2019-8688: Insu Yun of SSLab at Georgia Tech
![Store Store](/uploads/1/1/9/5/119585234/822373722.jpg)
CVE-2019-8689: lokihardt of Google Project Zero
Entry updated September 17, 2019
WebKit
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Apple Store Snow Leopard 10.6
Description: A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management.
App Store 10.6.8
CVE-2019-8649: Sergei Glazunov of Google Project Zero