CVE-2015-7023

CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors...

Code injection

CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors...

CVE-2015-7023

CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors...

CVE-2015-7023

CVE-2015-7023 affects CFNetwork in iOS and macOS. The root cause is a failure to consistently apply uppercase vs lowercase when parsing cookies, enabling a remote server to overwrite cookies via unspecified vectors. The vulnerability is described as allowing cookies to be overwritten by different...

Apple iOS < 9.1 Multiple Vulnerabilities

Binary data appleios91check.nbin...

Apple iOS < 9.0 Multiple Vulnerabilities

Binary data 8979.prm...

Mac OS X < 10.10.4 Multiple Vulnerabilities

Binary data 8801.prm...

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 OS X El Capitan 10.11 is now available and addresses the following: Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issu...

The vulnerability of the iOS operating system allows attackers to carry out attacks related to the injection of cookie files.

The vulnerability of the CFNetwork Proxies component in the iOS operating system exists due to the lack of measures taken to neutralize these special elements. Exploiting this vulnerability allows a malicious actor to perform attacks related to the injection of cookies through a specially crafted...

APPLE-SA-2015-09-16-1 iOS 9

APPLE-SA-2015-09-16-1 iOS 9 iOS 9 is now available and addresses the following: Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log...

The vulnerability of the iOS operating system allows a perpetrator to initiate TCP connections with nodes within the internal network.

The vulnerability of the CFNetwork FTP Protocol component in the iOS operating system is related to errors in the code. Exploiting this vulnerability allows a malicious actor to initiate TCP connections with internal network nodes using specially crafted responses to requests...

The vulnerability of the iOS operating system, which allows a perpetrator to gain access to protected information

The vulnerability of the NSURL component of CFNetwork SSL in the iOS operating system is related to cryptographic transformation errors. Exploiting this vulnerability can allow attackers to gain access to protected information through “man-in-the-middle” attacks and with the use of specially...

Apple watchOS2 security patches

Apple today brought a smile to the face of gadget geeks with the release of watchOS2, and for the second time in five months, a new version of the Apple Watch operating system brought with it a flurry of security patches. This round includes more than a dozen code execution vulnerabilities in a...

CVE-2015-5912

The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses...

CVE-2015-5898

CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID...

CVE-2015-5885

The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain...

Information disclosure

CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID...

Code injection

The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain...

Design/Logic Flaw

The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses...

CVE-2015-5860

The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site...