HSTS Bypass Vulnerability in Apple iOS Allows Tracking via Crafted Websites

CVE-2015-5860 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site.
