Vulmon
『低レイヤを知りたい人のためのCコンパイラ作成入門』
『低レイヤを知りたい人のためのCコンパイラ作成入門』 をやってみる wwwsigbusinfo/compilerbook#%E3%81%AF%E3%81%98%E3%82%81%E3%81%AB 2020-03-16 githubcom/rui314/9cc the successor: githubcom/rui314/chibicc TOC 全体的なノート 各章のノート いろんな人のやってみた記録 Cコンパイラ作成集中
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x prior to 6.1.6 and 7.x prior to 7.0.6, Apple TV 6.x prior to 6.0.2, and Apple OS X 10.9.x prior to 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle malicious users to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apple mac os x |
||
apple tvos |
||
apple iphone os |
OS X Mavericks still VULNERABLE, millions at risk of web hijacking
Updated2 Apple has updated its mobile operating system iOS to patch a bug that blows apart the integrity of encrypted connections. Versions 7.0.6 and 6.1.6, available now for download, fixes a vulnerability that could allow "an attacker with a privileged network position" to "capture or modify data in sessions protected by SSL/TLS," according to the iPhone maker. This is due to the Secure Transport component of the operating system failing to validate "the authenticity of the connection," sugges...