CFNetwork in Apple iOS before 8.3 does not clear HSTS state information, leading to sensitive information exposure
CVE-2015-1090 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
Learn more about our Cis Benchmark Audit For Apple Ios.