Lucene search
RootSSV:61548HistoryFeb 25, 2014 - 12:00 a.m.
Apple多个产品SSL/TLS处理验证绕过漏洞
2014-02-2500:00:00
Root
www.seebug.org
134
0.027 Low
EPSS
Percentile
89.4%
CVE ID:CVE-2014-1266
Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。Apple TV是苹果可以让PC和iPod中的相片,视频和音乐无线传输到电视之中高清晰度播出。Apple Mac OS X是一款苹果公司开发的操作系统。
Apple多个产品数据安全组件中安全传送特征中的SSLVerifySignedServerKeyExchange函数(libsecurity_ssl/lib/sslKeyExchange.c)存在安全漏洞,由于没有正确检查TLS Server Key Exchange消息中的签名,允许可进行中间人攻击的攻击者在签名步骤中使用任意私钥或忽略签名步骤来伪造SSL服务器。
0
Apple iOS 6.x
Apple iOS 7.x
Apple TV 6.x
Apple OS X 10.9.x
厂商补丁:
Apple
Apple iOS 6.1.6,7.0.6,Apple TV 6.0.2,Apple OS X 10.9.2已经修复该漏洞,建议用户下载更新:
http://www.apple.com
Related
exploitpack
exploitpack
Apple macOS 10.13.5 - Local Privilege Escalation
2019-02-13 00:00:00
thn
thn
Apple's SSL Vulnerability might allow NSA to hack iOS Devices Remotely
2014-02-25 06:45:00
prion
prion
Design/Logic Flaw
2014-02-22 17:05:00
checkpoint_advisories
checkpoint_advisories
checkpoint_security
checkpoint_security
Check Point response to Apple CVE-2014-1266
2014-02-23 22:00:00
securityvulns
securityvulns
Apple products SSL validation vulnerability
2014-02-28 00:00:00
APPLE-SA-2014-02-21-3 Apple TV 6.0.2
2014-02-28 00:00:00
APPLE-SA-2014-02-21-1 iOS 6.1.6
2014-02-28 00:00:00
cve
cve
CVE-2014-1266
2014-02-22 17:05:00
exploitdb
exploitdb
Apple macOS 10.13.5 - Local Privilege Escalation
2019-02-13 00:00:00
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities -07 (Sep 2014)
2014-09-22 00:00:00
nessus
nessus
Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities
2014-02-25 00:00:00