Apple Secure Transport Man-in-the-Middle (MITM) Vulnerability
25 Jul. 2014
Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that the server's X.509 certificate presented during a renegotiation is the same one presented in the original handshake. This allows a man-in-the-middle attacker to obtain sensitive information or modify TLS session data via a "triple handshake attack" (CVE-2014-1295).
The information has been provided by Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris.
Vulnerable systems:
* Apple iOS up to and including 7.1.0
* Apple OS X 10.8.x, and 10.9.x up to and including 10.9.2 without Security Update 2014-002
* Apple TV up to and including 6.1.0
Immune systems:
* Apple iOS 7.1.1 and later
* Apple OS X 10.9.2 with Security Update 2014-002, and later
* Apple TV 6.1.1 and later
An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL/TLS. In a 'triple handshake' attack, the attacker establishes two connections (client-to-attacker and attacker-to-server) that end up with the same encryption keys and the same handshake state, inserts the attacker's own data into one connection, and then triggers a renegotiation so that the two connections can be spliced together and forwarded to each other. Because the client only validated the certificate in the first handshake, it never notices that the peer behind the renegotiated connection is a different server. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.
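The following is an added illustration, not code from the advisory or from Apple's Secure Transport. It uses the real TLS 1.2 PRF (P_SHA256 from RFC 5246) to show why the first two handshakes of a triple handshake produce identical keys on both legs when the attacker relays the client random, server random and RSA pre-master secret unchanged, and it then implements the mitigation the advisory describes: a client-side check that refuses a renegotiation whose server certificate differs from the one accepted in the original handshake. The certificates, randoms and pre-master secret are constructed byte strings, and the class and function names are this example's own, not Secure Transport API names.

```python
import hashlib
import hmac
import os


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 data expansion function (RFC 5246, section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_hash(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random)"""
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def cert_fingerprint(cert_der: bytes) -> bytes:
    return hashlib.sha256(cert_der).digest()


def triple_handshake_first_stage(attacker_cert: bytes, server_cert: bytes):
    """Model the first handshake of a triple handshake attack.

    The client talks to the attacker A (presenting attacker_cert); A opens a
    second connection to the real server S (presenting server_cert).  A copies
    the client random towards S, copies S's server random back to the client,
    and, since the client encrypted the pre-master secret to A's RSA key, A can
    decrypt it and re-encrypt the same value to S.  Nothing that feeds the
    master secret differs between the two legs, so the keys collide even though
    the certificates (and therefore the handshake transcripts) differ.
    """
    client_random = os.urandom(32)   # constructed; in TLS this comes from ClientHello
    server_random = os.urandom(32)   # constructed; chosen by S, relayed by A
    pre_master = b"\x03\x03" + os.urandom(46)  # TLS-RSA premaster: version || 46 random bytes

    leg_client_to_attacker = {
        "cert": cert_fingerprint(attacker_cert),
        "master_secret": master_secret(pre_master, client_random, server_random),
    }
    leg_attacker_to_server = {
        "cert": cert_fingerprint(server_cert),
        "master_secret": master_secret(pre_master, client_random, server_random),
    }
    return leg_client_to_attacker, leg_attacker_to_server


class PeerCertificateChanged(Exception):
    pass


class RenegotiationAwareClient:
    """Client-side state that pins the server certificate across renegotiation.

    This mirrors the behaviour the advisory describes as the fix: by default a
    renegotiation must present the same server certificate as the original
    handshake, otherwise the session is aborted.
    """

    def __init__(self, require_same_cert_on_renegotiation: bool = True):
        self.require_same_cert = require_same_cert_on_renegotiation
        self.pinned_cert_fp = None

    def initial_handshake(self, server_cert: bytes) -> None:
        # The certificate is validated (chain, hostname) here in a real client;
        # this model only records what was accepted.
        self.pinned_cert_fp = cert_fingerprint(server_cert)

    def renegotiate(self, server_cert: bytes) -> bool:
        fp = cert_fingerprint(server_cert)
        if self.require_same_cert and fp != self.pinned_cert_fp:
            # A changed certificate at renegotiation is exactly the signal of a
            # spliced (triple handshake) connection: abort instead of continuing.
            raise PeerCertificateChanged("server certificate changed during renegotiation")
        self.pinned_cert_fp = fp
        return True


if __name__ == "__main__":
    attacker_cert = b"constructed DER for attacker.example"
    server_cert = b"constructed DER for server.example"
    a_leg, s_leg = triple_handshake_first_stage(attacker_cert, server_cert)
    print("certs differ:", a_leg["cert"] != s_leg["cert"])
    print("master secrets collide:", a_leg["master_secret"] == s_leg["master_secret"])
    client = RenegotiationAwareClient()
    client.initial_handshake(attacker_cert)
    try:
        client.renegotiate(server_cert)
    except PeerCertificateChanged as e:
        print("renegotiation rejected:", e)
```

The key collision in `triple_handshake_first_stage` is the enabler, not the whole attack: the original paper also needs a session resumption on both legs (so that the Finished values, and with them the RFC 5746 renegotiation binding, become identical) before the renegotiation can be forwarded. The certificate pin in `renegotiate` breaks the final step regardless of how the earlier handshakes were arranged, which is why the advisory's fix is sufficient without changing the key derivation.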