CVE-2019-8834
Description
A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.
CWE
- (none)
Affected
- Apple / iOS and iPadOS — v=unspecified <13.3 [affected]
- Apple / macOS — v=unspecified <10.15 [affected]
- Apple / macOS — v=unspecified <6.1 [affected]
- Apple / macOS — v=unspecified <13.3 [affected]
- Apple / macOS — v=unspecified <12.10 [affected]
- Apple / macOS — v=unspecified <10.9 [affected]
- Apple / macOS — v=unspecified <7.16 [affected]
CVSS
- (none)
References
- https://support.apple.com/en-us/HT210785 x_refsource_MISC
- https://support.apple.com/en-us/HT210788 x_refsource_MISC
- https://support.apple.com/en-us/HT210789 x_refsource_MISC
- https://support.apple.com/en-us/HT210790 x_refsource_MISC
- https://support.apple.com/en-us/HT210793 x_refsource_MISC
- https://support.apple.com/en-us/HT210794 x_refsource_MISC
- https://support.apple.com/en-us/HT210795 x_refsource_MISC
Source
cvelistV5-main/cves/2019/8xxx/CVE-2019-8834.json