Diego Torres

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.3 **Description** The issue concerns the handling of HTTP Strict Transport Security (HSTS) state information. In affected versions, this information is not deleted when a user clears their Safari browsing history, potentially allowing attackers to obtain sensitive information by reading the history file. **Recommendations** For versions prior to 8.3, update to version 8.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.3 Apple OS X versions prior to 10.10.3 **Description** The issue allows remote attackers to bypass the Same Origin Policy via a crafted web site, due to improper handling of request headers during processing of redirects in HTTP responses. **Recommendations** For Apple iOS versions prior to 8.3, update to version 8.3 or later. For Apple OS X versions prior to 10.10.3, update to version 10.10.3 or later.