The CFNetwork HTTPProtocol component in Apple iOS prior to 9 mishandles HSTS state, which allows remote malicious users to bypass the Safari private-browsing protection mechanism and track users via a crafted web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple iphone os |
||
apple watchos 1.0 |