CVE-2015-7094
CVE-2015-7094 affects CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2. A crafted URL allows man-in-the-middle attackers to bypass HSTS protection. Documented impact is limited to bypassing HSTS via a crafted URL, enabling potential MITM. The vulnerability is addressed in iO...