The Keychain implementation in Apple Mac OS X 10.6.8 and previous versions does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle malicious users to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x 10.6.2 |
||
apple mac os x 10.6.3 |
||
apple mac os x 10.6.6 |
||
apple mac os x 10.6.7 |
||
apple mac os x 10.6.0 |
||
apple mac os x 10.6.1 |
||
apple mac os x |
||
apple mac os x 10.6.4 |
||
apple mac os x 10.6.5 |
||
apple mac os x server |
||
apple mac os x server 10.6.6 |
||
apple mac os x server 10.6.5 |
||
apple mac os x server 10.6.2 |
||
apple mac os x server 10.6.1 |
||
apple mac os x server 10.6.0 |
||
apple mac os x server 10.6.7 |
||
apple mac os x server 10.6.3 |
||
apple mac os x server 10.6.4 |