Information
This recommendation pertains to the acceptance of third-party cookies.
Rationale:
The HEIST cookie exploit allows for retrieving data from cookies stored on a device. Cookies often follow poor coding practices and often include authentication properties. Limiting acceptance of cookies to only those from sites intentionally visited reduces the likelihood of exploit.
Solution
Open Apple Configurator.
Open the Configuration Profile.
In the left windowpane, click on the Restrictions tab.
In the right windowpane, under the tab Apps, set the Accept cookies menu to From websites I visit or From current website only.
Deploy the Configuration Profile.
Additional Information:
From websites I visit accepts cookies from the current domain, and any domain you've visited. From current website only only accepts cookies from the current domain.