Saturday, 22 February 2014

Apple's SSL/TLS Bug

Yesterday, Apple pushed a rather spooky security update [1] for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details.

A very quick test site for checking whether you are vulnerable to this bug (use the Safari browser) can be found here:

Note the port number (which is the CVE number). The normal site runs on port 443 and is expected to work. On port 1266 the server sends the same certificates but signs with a completely different key. If you can load an HTTPS site on port 1266 then you have this bug.
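
The check this test exercises, as an added example that is not code from the original post or from Apple: in TLS the server signs its key-exchange parameters, and the client must verify that signature with the public key from the certificate it was sent. ECDSA P-256, SHA-256 and the names `signedParams`, `clientAccepts` and `handshake` are assumptions chosen for illustration, and the byte strings are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// signedParams hashes what the server signs: both hello randoms plus its key-exchange parameters.
func signedParams(clientRandom, serverRandom, params []byte) []byte {
	sum := sha256.Sum256(bytes.Join([][]byte{clientRandom, serverRandom, params}, nil))
	return sum[:]
}

// clientAccepts is the step a correct client must not skip: verify under the certificate's key.
func clientAccepts(certKey *ecdsa.PublicKey, digest, sig []byte) bool {
	return ecdsa.VerifyASN1(certKey, digest, sig)
}

// handshake models one server. sameKey=true is the port 443 case (signs with the
// certificate's key); false is the port 1266 case (same certificate, different key).
func handshake(sameKey bool) (bool, error) {
	certPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	signer := certPriv
	if !sameKey {
		if signer, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
			return false, err
		}
	}
	// Constructed sample values, not captured traffic.
	digest := signedParams([]byte("client-random"), []byte("server-random"), []byte("ephemeral-params"))
	sig, err := ecdsa.SignASN1(rand.Reader, signer, digest)
	if err != nil {
		return false, err
	}
	return clientAccepts(&certPriv.PublicKey, digest, sig), nil
}

func main() {
	for _, same := range []bool{true, false} {
		ok, err := handshake(same)
		fmt.Printf("signed with certificate key=%v accepted=%v err=%v\n", same, ok, err)
	}
}
```

A client that loads the page on port 1266 is behaving as if `clientAccepts` returned true in the second case.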

