CVE-2015-5841

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 9

Description The issue arises from the CFNetwork Proxies component's improper handling of a Set-Cookie header within a response to an HTTP CONNECT request. This allows remote proxy servers to conduct cookie-injection attacks via a crafted response. The vulnerability can be exploited by a remote attacker to inject cookies using a specially formed request.

Recommendations For Apple iOS versions prior to 9, update to a version 9 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted proxy servers to minimize the risk of exploitation. Avoid using the Set-Cookie header in responses to HTTP CONNECT requests until the issue is resolved.