vulnerability

OS X update for CFNetwork (CVE-2019-8834)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:P/A:N)	Feb 4, 2020	Feb 4, 2020	Nov 2, 2020

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Feb 4, 2020

Added

Feb 4, 2020

Modified

Nov 2, 2020

Description

A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.

Solution

apple-osx-upgrade-10_15_2

References

CVE-2019-8834
https://attackerkb.com/topics/CVE-2019-8834
URL-https://support.apple.com/kb/HT210788

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today