CFNetwork in Apple iOS before 8.3 does not clear HSTS state information, leading to sensitive information exposure

CFNetwork in Apple iOS before 8.3 does not clear HSTS state information, leading to sensitive information exposure

CVE-2015-1090 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.

Learn more about our Cis Benchmark Audit For Apple Ios.