Security Advisory

CVE-2015-1090

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-04-10 14:00:00

Last updated 2024-08-06 04:33:20

Assigner apple

State PUBLISHED

Description

CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.

← Browse all CVEs View on cve.org ↗