PT-2015-1870 · Apple · WebKit

Author: Muneaki Nishimura
Published: 2015-08-16 · Updated: 2019-02-07
CVE-2015-3750

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Apple Safari versions prior to 6.2.8
Apple Safari versions 7.x prior to 7.1.8
Apple Safari versions 8.x prior to 8.0.8
iOS versions prior to 8.4.1

Description

The issue is caused by errors in the security settings of the WebKit component in Safari and iOS. It may allow a remote attacker to gain access to protected information by conducting a man-in-the-middle attack and modifying the data stream between the client and server. The flaw is that the HTTP Strict Transport Security (HSTS) protection mechanism was not enforced for Content Security Policy (CSP) report requests: a violation report destined for an HSTS host could still be sent over plaintext HTTP, allowing an attacker to obtain sensitive information by sniffing the network or to spoof a report.

Recommendations

For Apple Safari versions prior to 6.2.8, update to version 6.2.8 or later.
For Apple Safari versions 7.x prior to 7.1.8, update to version 7.1.8 or later.
For Apple Safari versions 8.x prior to 8.0.8, update to version 8.0.8 or later.
For iOS versions prior to 8.4.1, update to version 8.4.1 or later.
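As an added example (not part of this advisory or of WebKit), the Python audit below parses a page's Content-Security-Policy header, resolves each report-uri as a browser would, flags report endpoints that would be contacted over plaintext HTTP, and emits a hardened header that names the https:// endpoint explicitly, which is the server-side mitigation a site operator can apply regardless of whether the client applies HSTS to report requests. The header, hostnames and document URL are constructed sample values.

```python
# Added example, not part of the advisory: audit a CSP header for report
# endpoints that would be contacted over plaintext HTTP. Affected WebKit
# versions did not apply HSTS to CSP report requests, so a site must name
# the https:// report endpoint explicitly instead of relying on HSTS.
from urllib.parse import urljoin, urlsplit


def parse_csp(header):
    """Split a CSP header into {directive: [values]}; directive names are lower-cased."""
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def report_endpoints(header, document_url):
    """Resolve every report-uri value against the document URL, as a browser does."""
    return [urljoin(document_url, v) for v in parse_csp(header).get("report-uri", [])]


def find_plaintext_report_endpoints(header, document_url):
    """Return the report endpoints a browser would contact over http://."""
    return [u for u in report_endpoints(header, document_url)
            if urlsplit(u).scheme == "http"]


def hardened_header(header, document_url):
    """Rewrite report-uri to absolute https:// URLs so no HSTS upgrade is needed."""
    policy = parse_csp(header)
    if "report-uri" in policy:
        fixed = []
        for u in report_endpoints(header, document_url):
            parts = urlsplit(u)
            fixed.append(parts._replace(scheme="https").geturl()
                         if parts.scheme == "http" else u)
        policy["report-uri"] = fixed
    return "; ".join(" ".join([name, *values]) for name, values in policy.items())


if __name__ == "__main__":
    # Constructed sample: one absolute http:// endpoint and one relative one.
    header = "default-src 'self'; report-uri http://reports.example.com/csp /csp-endpoint"
    page = "https://www.example.com/account"
    print("plaintext report endpoints:", find_plaintext_report_endpoints(header, page))
    print("hardened header:", hardened_header(header, page))
```

Relative report-uri values inherit the document's scheme, so a page that is itself reachable over http:// before any HSTS redirect also yields a plaintext endpoint; the hardened header removes that dependency.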


Related Identifiers

BDU:2015-11216
CVE-2015-3750
MGASA-2016-0116

Affected Products

Safari
WebKit
iOS