CVE-2014-1266 — HIGH (7.4) — White Hats Nepal

Q: How severe is CVE-2014-1266?

CVE-2014-1266 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-1266?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Apple Tvos.

Vulnerability Description

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Iphone Os	>= 6.0, < 6.1.6
Apple	Mac Os X	>= 10.9, < 10.9.2
Apple	Tvos	>= 6.0, < 6.0.2

Related Weaknesses (CWE)

CWE-295

References

http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187Issue Tracking
http://support.apple.com/kb/HT6146Vendor Advisory
http://support.apple.com/kb/HT6147Vendor Advisory
http://support.apple.com/kb/HT6148Vendor Advisory
http://support.apple.com/kb/HT6150Vendor Advisory
https://news.ycombinator.com/item?id=7281378ExploitIssue Tracking
https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.htmlExploit
https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.htmlExploit
https://www.imperialviolet.org/2014/02/22/applebug.htmlExploit
http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187Issue Tracking
http://support.apple.com/kb/HT6146Vendor Advisory
http://support.apple.com/kb/HT6147Vendor Advisory
http://support.apple.com/kb/HT6148Vendor Advisory
http://support.apple.com/kb/HT6150Vendor Advisory
https://news.ycombinator.com/item?id=7281378ExploitIssue Tracking

FAQ

What is CVE-2014-1266?

CVE-2014-1266 is a vulnerability with a CVSS score of 7.4 (HIGH). The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6,...

How severe is CVE-2014-1266?

CVE-2014-1266 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1266?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Apple Tvos.