CVE-2019-8834 — Apple IOS AND Ipados vulnerability

10 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 45.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Icloud +6 more

Timeline

PublishedOct 27

Latest updateMay 24

Description

A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages9 packages

▶NVDapple/icloud10.0 — 10.9+1

▶NVDapple/tvos< 13.3

▶CVEListV5apple/macosunspecified — 10.15+5

▶NVDapple/ipados< 13.3

▶NVDapple/itunes< 12.10.3

🔴Vulnerability Details

GHSA

GHSA-8g54-57wc-xjfh: A configuration issue was addressed with additional restrictions↗2022-05-24

▶

CVEList

CVE-2019-8834: A configuration issue was addressed with additional restrictions↗2020-10-27

▶

📋Vendor Advisories

Apple

CVE-2019-8834: iCloud for Windows 10.9↗2019-12-11

▶

Apple

CVE-2019-8834: iTunes 12.10.3 for Windows↗2019-12-11

▶

Apple

CVE-2019-8834: iCloud for Windows 7.16↗2019-12-11

▶

Apple

CVE-2019-8834: watchOS 6.1.1↗2019-12-10

▶

Apple

CVE-2019-8834: iOS 13.3 and iPadOS 13.3↗2019-12-10

▶