The OCSP client in Apple iOS prior to 9.1 does not check for certificate expiry, which allows remote malicious users to spoof a valid certificate by leveraging access to a revoked certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple iphone os |