Apple · Os X · CVE-2015-7023
**Name of the Vulnerable Software and Affected Versions**
Apple iOS versions prior to 9.1
Apple OS X versions prior to 10.11.1
**Description**
The issue arises from the improper consideration of uppercase-versus-lowercase distinction during cookie parsing in CFNetwork. This allows remote web servers to overwrite cookies.
**Recommendations**
For Apple iOS versions prior to 9.1, update to version 9.1 or later.
For Apple OS X versions prior to 10.11.1, update to version 10.11.1 or later.