Apple · Os X · CVE-2015-5859
**Name of the Vulnerable Software and Affected Versions**
Apple iOS versions prior to 9
Apple OS X versions prior to 10.11
**Description**
The issue concerns the CFNetwork HTTPProtocol component, which fails to properly recognize the HSTS preload list during a Safari private-browsing session. This makes it easier for remote attackers to obtain sensitive information by sniffing the network.
**Recommendations**
For Apple iOS versions prior to 9, update to version 9 or later to resolve the issue.
For Apple OS X versions prior to 10.11, update to version 10.11 or later to resolve the issue.