CFNetwork in Apple iOS prior to 9.1 and OS X prior to 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x |
||
apple iphone os |