CVE-2014-1266
Descriptions
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.
Timeline
- 2014-01-08 CVE Reserved
- 2014-02-22 CVE Published
- 2014-02-22 First Exploit
- 2024-07-17 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-295: Improper Certificate Validation
References (12)

URL | Tag | Source
---|---|---
http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187 | Issue Tracking |

URL | Date | SRC
---|---|---
http://support.apple.com/kb/HT6146 | 2024-02-09 |
http://support.apple.com/kb/HT6147 | 2024-02-09 |
http://support.apple.com/kb/HT6148 | 2024-02-09 |
http://support.apple.com/kb/HT6150 | 2024-02-09 |
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status
---|---|---|---|---
Apple | Iphone Os | >= 6.0 < 6.1.6 | - | Affected
Apple | Iphone Os | >= 7.0 < 7.0.6 | - | Affected
Apple | Mac Os X | >= 10.9 < 10.9.2 | - | Affected
Apple | Tvos | >= 6.0 < 6.0.2 | - | Affected