CVE-2014-1266

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.

Published: Feb 22, 2014
Updated: May 9, 2024
CVE: CVE-2014-1266
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-20
CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
apple / mac_os_x	10.9	10.9.2
apple / tvos	6.0	6.0.2
apple / iphone_os	7.0	7.0.6
apple / iphone_os	6.0	6.1.6

http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187
http://support.apple.com/kb/HT6146
http://support.apple.com/kb/HT6147
http://support.apple.com/kb/HT6148
http://support.apple.com/kb/HT6150
https://news.ycombinator.com/item?id=7281378
https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html
https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html
https://www.imperialviolet.org/2014/02/22/applebug.html

Vulnerability Database

289,599

CVE-2014-1266