CVE-2019-8834

27.10.2020, 20:15

A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
apple	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 54%

Vendor	Product	Version
apple	icloud	𝑥 < 7.16
apple	icloud	10.0 ≤ 𝑥 < 10.9
apple	itunes	𝑥 < 12.10.3
apple	ipados	𝑥 < 13.3
apple	iphone_os	𝑥 < 13.3
apple	mac_os_x	𝑥 < 10.15.2
apple	tvos	𝑥 < 13.3
apple	watchos	𝑥 < 6.1.1

𝑥

= Vulnerable software versions

References

https://support.apple.com/en-us/HT210785

https://support.apple.com/en-us/HT210788

https://support.apple.com/en-us/HT210789

https://support.apple.com/en-us/HT210790

https://support.apple.com/en-us/HT210793

https://support.apple.com/en-us/HT210794

https://support.apple.com/en-us/HT210795

https://support.apple.com/en-us/HT210785

https://support.apple.com/en-us/HT210788

https://support.apple.com/en-us/HT210789

https://support.apple.com/en-us/HT210790

https://support.apple.com/en-us/HT210793

https://support.apple.com/en-us/HT210794

https://support.apple.com/en-us/HT210795