HSTS Bypass Vulnerability in CFNetwork HTTPProtocol

HSTS Bypass Vulnerability in CFNetwork HTTPProtocol

CVE-2015-7094 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.

Learn more about our Cis Benchmark Audit For Apple Ios.