Vulnerabilities

CVE-2011-0228

by Fred · 29/08/2011

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.

Date published : 2011-08-29

http://lists.apple.com/archives/security-announce/2011//Jul/msg00005.html

http://lists.apple.com/archives/security-announce/2011//Jul/msg00004.html

Related

Tags: Cybersecurity Alert