CFNetwork in Apple iOS prior to 10, OS X prior to 10.12, tvOS prior to 10, and watchOS prior to 3 misparses the Set-Cookie header, which allows remote malicious users to obtain sensitive information via a crafted HTTP response.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple watchos |
||
apple tvos |
||
apple iphone os |
||
apple mac os x |