Kaspersky Safe Browser iOS app sports MITM SSL certificate bug (Help Net Security)

Security researcher David Coomber has unearthed a vulnerability (CVE-2016-6231) in the Kaspersky Safe Browser iOS app that effectively contradicts its name. As it turns out, the app does not validate SSL certificates it receives when connecting to secure sites, and this could be exploited by attackers with Man-in-the-Middle capabilities to “present a bogus SSL certificate for a secure site which the application will accept silently.” After that, all the information that is exchanged between the …
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/tIB_yZCff1E/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-25 | CVE-2016-6231 | Information Exposure vulnerability in Kaspersky Safe Browser. Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | 5.9 |