CVE-2019-8834 | Vulnerability Database | Aqua Security

A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.

Affected Software

Name	Vendor	Start Version	End Version
Icloud	Apple	*	7.16 (excluding)
Icloud	Apple	10.0 (including)	10.9 (excluding)
Itunes	Apple	*	12.10.3 (excluding)
Ipados	Apple	*	13.3 (excluding)
Iphone_os	Apple	*	13.3 (excluding)
Mac_os_x	Apple	*	10.15.2 (excluding)
Tvos	Apple	*	13.3 (excluding)
Watchos	Apple	*	6.1.1 (excluding)

References

https://support.apple.com/en-us/HT210785
https://support.apple.com/en-us/HT210788
https://support.apple.com/en-us/HT210789
https://support.apple.com/en-us/HT210790
https://support.apple.com/en-us/HT210793
https://support.apple.com/en-us/HT210794
https://support.apple.com/en-us/HT210795

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-8834
CWE	https://cwe.mitre.org/data/definitions/.html