HSTS Bypass Vulnerability in Apple iOS Allows Tracking via Crafted Websites
CVE-2015-5860 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site.
Learn more about our Cis Benchmark Audit For Apple Ios.