NSAllowsArbitraryLoadsForMedia permits cleartext/weak-TLS media loads (AVFoundation).
How it's exploited
The media exception (NSAllowsArbitraryLoadsForMedia) lets AVFoundation streams travel over plaintext. An on-path attacker can substitute or record the media content.
Why it matters
Streamed content can be tampered with or monitored; DRM and privacy expectations around media break.
How to fix it
Serve media over HTTPS and remove the exception.
If a CDN blocks this, scope an NSExceptionDomains entry to that CDN host instead of the global media opt-out.