CVE-2011-0228 Information

Feb 14, 2021 cve

Description

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.

Reference

http://lists.apple.com/archives/security-announce/2011//Jul/msg00004.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00005.html http://secunia.com/advisories/45369 http://securityreason.com/securityalert/8361 http://securitytracker.com/id?1025837 http://support.apple.com/kb/HT4824 http://support.apple.com/kb/HT4825 http://www.securityfocus.com/archive/1/518982/100/0/threaded http://www.securityfocus.com/bid/48877 https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt

Share on: