Subscribe via feed.

Apple Security Advisory 2014-05-15-2

Posted by deepcore on May 19, 2014 – 3:25 pm

Apple Security Advisory 2014-05-15-2 – iTunes 11.2 is now available and addresses a credential interception issue. Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines.

Tags: , ,
This post is under “Apple” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.