Kaspersky Safe Browser iOS app sports MITM SSL certificate bug (Help Net Security)
Security researcher David Coomber has unearthed a vulnerability (CVE-2016-6231) in the Kaspersky Safe Browser iOS app that effectively contradicts its name. As it turns out, the app does not validate SSL certificates it receives when connecting to secure sites, and this could be exploited by attackers with Man-in-the-Middle capabilities to “present a bogus SSL certificate for a secure site which the application will accept silently.” After that, all the information that is exchanged between the …
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/tIB_yZCff1E/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-08-25 | CVE-2016-6231 | Information Exposure vulnerability in Kaspersky Safe Browser Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | 4.3 |