PT-2015-7065 · Apple · Os X+3
Rosario Giustolisi
·
Publicado
2015-11-22
·
Atualizado
2015-11-30
·
CVE-2015-5859
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apple iOS versions prior to 9
Apple OS X versions prior to 10.11
Description
The issue concerns the CFNetwork HTTPProtocol component, which fails to properly recognize the HSTS preload list during a Safari private-browsing session. This makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Recommendations
For Apple iOS versions prior to 9, update to version 9 or later to resolve the issue.
For Apple OS X versions prior to 10.11, update to version 10.11 or later to resolve the issue.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cfnetwork
Os X
Safari
Ios