App update "man-in-the-middle security bypass" issue
Do I have a virus?
When updating apps today, the IBM security software reported the following:
10/01/2015, 13:09:05 GMT: submitted by atl-prd-webapp-02b-SOC_Console
Ticket updated via SOC Console by user: ogarasym
Src Ip: 208.87.181.43
Src Port: 49566
Event Name: OpenSSL TLS Man-In-The-Middle Security Bypass
Action: MONITOR
Severity: High
Dst Ip: 17.249.105.246
Dst Port: 443
Count: 1
Timestamp: 10/01/2015 12:52:37
Src. Attributes Dst. Attributes
208.87.181.43: Internal
Attack ID: CPAI-2014-1616
Last Update: 19-April-2015
Industry References: CVE-2014-0224
Source: IPS Research Team
Supported Products: Security Gateway: R77, R76, R75, R71, R70
Threat Description:
A security bypass via ChangeCipherSpec (CCS) Injection vulnerability has been reported in older versions of OpenSSL. The vulnerability is due to a weakness in OpenSSL methods used for keying material. The vulnerability can be exploited through the use of a man in the middle attack, where an attacker may be able to decrypt and modify traffic in transit. A remote unauthenticated attacker could exploit this vulnerability by using a specially crafted handshake to force the use of weak keying material.
IPS Protection:
This protection will detect and block attempts to exploit this vulnerability.
Attack Detection:
Attack Name: SSL Enforcement Violation
Attack Information: OpenSSL TLS Man-In-The-Middle Security Bypass
Vulnerable Systems:
iPad 2, iOS 9.0.2
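
The following is an added example, not part of the original post and not the IPS vendor's signature: a Python check for the condition behind CVE-2014-0224, a ChangeCipherSpec record that arrives before the key exchange has happened. It assumes a full (non-resumed) handshake in TLS 1.2 or earlier, looks only at the client-to-server byte stream, and assumes handshake messages are not fragmented across records; all function names and sample bytes are constructed for illustration.

```python
import struct

CCS, HANDSHAKE = 20, 22        # TLS record content types
CLIENT_KEY_EXCHANGE = 16       # handshake message type

def records(stream: bytes):
    """Yield (content_type, payload) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        payload = stream[off + 5: off + 5 + length]
        if len(payload) < length:
            break                          # truncated capture, stop parsing
        yield ctype, payload
        off += 5 + length

def handshake_types(payload: bytes):
    """Yield the type byte of each handshake message in one record."""
    off = 0
    while off + 4 <= len(payload):
        yield payload[off]
        off += 4 + int.from_bytes(payload[off + 1: off + 4], "big")

def premature_ccs(stream: bytes) -> bool:
    """True if a CCS record is seen before any ClientKeyExchange."""
    seen_cke = False
    for ctype, payload in records(stream):
        if ctype == HANDSHAKE and not seen_cke:
            seen_cke = CLIENT_KEY_EXCHANGE in handshake_types(payload)
        elif ctype == CCS and not seen_cke:
            return True                    # keys not negotiated yet
    return False

# Constructed sample data (not captured traffic).
def rec(ctype: int, payload: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def hs(mtype: int, body: bytes = b"\x00" * 4) -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# ClientHello, ClientKeyExchange, CCS, then the encrypted Finished record.
NORMAL = (rec(HANDSHAKE, hs(1)) + rec(HANDSHAKE, hs(CLIENT_KEY_EXCHANGE))
          + rec(CCS, b"\x01") + rec(HANDSHAKE, b"\xaa" * 16))
# Same stream with the CCS record ahead of the key exchange.
INJECTED = (rec(HANDSHAKE, hs(1)) + rec(CCS, b"\x01")
            + rec(HANDSHAKE, hs(CLIENT_KEY_EXCHANGE)))

if __name__ == "__main__":
    print("normal:", premature_ccs(NORMAL), "injected:", premature_ccs(INJECTED))
```

A session-resumption handshake legitimately sends ChangeCipherSpec without a ClientKeyExchange, so this check would flag it; a production rule has to account for that case.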