CFNetwork in Apple iOS prior to 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows malicious users to obtain sensitive information by reading a history file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple iphone os |