CVE-2015-5859

Apple iOS < 9 and OS X < 10.11 - Sensitive Information Exposure via HSTS Preload List Bypass

Title source: llm
STIX 2.1

Description

The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT205212
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT205267

Scores

EPSS 0.0145
EPSS Percentile 70.2%

Details

CWE
CWE-200
Status published
Products (2)
apple/iphone_os < 8.4.1
apple/mac_os_x < 10.10.4
Published Nov 22, 2015
Tracked Since Feb 18, 2026