CVE-2014-1266 Apple iOS 6.x SSL欺騙漏洞

From PwnWiki
Revision as of 11:07, 7 April 2021 by Pwnwiki (talk | contribs) (Created page with "==INFO== The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

INFO

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.

EXP

https://github.com/JustYoomoon/Exploit/blob/main/CVE-2014-1266.zip

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2014-1266_Apple_iOS_6.x_SSL欺騙漏洞&oldid=1069"