Michael Lutonsky

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.1 Apple OS X versions prior to 10.11.1 **Description** The issue arises from the improper consideration of uppercase-versus-lowercase distinction during cookie parsing in CFNetwork. This allows remote web servers to overwrite cookies. **Recommendations** For Apple iOS versions prior to 9.1, update to version 9.1 or later. For Apple OS X versions prior to 10.11.1, update to version 10.11.1 or later.