CVE-2015-5859 Information

Description

The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Reference

https://support.apple.com/HT205212 https://support.apple.com/HT205267