Apple SSL Bug!?

What about this ???

Source: US-CERT/NIST

This vulnerability is currently undergoing analysis and not all information is available.

Please check back soon to view the completed vulnerability summary.

Overview

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.

And the site to test it

Source:http://gotofail.com ?

OS X Mavericks (10.9.1)

Posted on Feb 24, 2014 5:12 AM

16 replies

netsoup

Level 1

14 points

Mar 6, 2014 8:06 PM in response to netsoup

MIM attacks basically mean someone actually controlled your traffic, like at the wifi or ISP level, to be able to intercept and replace packets. That's way different than somebody being on the same network and there are commercial products out there that do that already, so I didn't understand how this changed that...

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Apple SSL Bug!?

Welcome to Apple Support Community

A forum where Apple customers help each other with their products. Get started with your Apple Account.

Learn more Sign up