CVE-2019-8834: A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina…

medium4.3CVSS 3.1

AVNACLPRLUINSUCNILAN

A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.

Affected

22 ranges

Vendor	Product	Version range	Fixed in
apple	icloud	< 7.16	7.16
apple	icloud	>= 10.0 < 10.9	10.9
apple	icloud_for_windows	—	—
apple	icloud_for_windows	—	—
apple	ios_13.3_and_ipados	—	—
apple	ios_and_ipados	>= unspecified < 13.3	13.3
apple	ipados	< 13.3	13.3
apple	iphone_os	< 13.3	13.3
apple	itunes	< 12.10.3	12.10.3
apple	itunes_12.10.3_for_windows	—	—
apple	mac_os_x	< 10.15.2	10.15.2
apple	macos	>= unspecified < 10.15	10.15
apple	macos	>= unspecified < 6.1	6.1
apple	macos	>= unspecified < 13.3	13.3
apple	macos	>= unspecified < 12.10	12.10
apple	macos	>= unspecified < 10.9	10.9
apple	macos	>= unspecified < 7.16	7.16
apple	macos_catalina_10.15.2_security_update_2019-002_mojave_security_update_2019-007	—	—
apple	tvos	< 13.3	13.3
apple	tvos	—	—
apple	watchos	< 6.1.1	6.1.1
apple	watchos	—	—