Improper Host Identification in CFNetwork Allows Information Disclosure

Improper Host Identification in CFNetwork Allows Information Disclosure

CVE-2012-3724 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL.

Learn more about our Cis Benchmark Audit For Apple Ios.