CVE-2014-1295

Published: 23/04/2014 Updated: 08/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Secure Transport in Apple iOS prior to 7.1.1, Apple OS X 10.8.x and 10.9.x up to and including 10.9.2, and Apple TV prior to 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

Vulnerable Product

apple iphone os 7.0.3

apple iphone os 7.0.4

apple iphone os 7.0.5

apple iphone os 7.0.6

apple iphone os 7.0

apple iphone os 7.0.2

apple iphone os

apple iphone os 7.0.1

apple mac os x 10.9

apple mac os x 10.9.2

apple mac os x 10.9.1

apple tvos 6.0

apple tvos 6.0.1

apple tvos 6.0.2

apple tvos

apple mac os x 10.8.2

apple mac os x 10.8.3

apple mac os x 10.8.4

apple mac os x 10.8.5

apple mac os x 10.8.0

apple mac os x 10.8.1

Recent Articles

Apple splats 'new' SSL snooping bug in iOS, OS X - but it's no Heartbleed
The Register • John Leyden • 23 Apr 2014

Triple-handshake flaw stalks Macs and iThings

Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs. The so-called "triple handshake" flaw quietly emerged yesterday amid panic over OpenSSL's Heartbleed vulnerability, and soon after the embarrassing "goto fail" blunder in iOS and OS X. Apple's "triple handshake" bug [CVE-2014-1295, advisory] is unrelated to Heartbleed, and nothing like as serious, according to security experts. For one thing, Heartbleed is a problem...