HSTS Bypass Vulnerability in CFNetwork HTTPProtocol
CVE-2015-7094 · LOW Severity
AV:N/AC:H/AU:N/C:N/I:P/A:N
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
Learn more about our Cis Benchmark Audit For Apple Ios.