
Kaspersky Safe Browser iOS app sports MITM SSL certificate bug (Help Net Security)
2016-08-01 21:48

Security researcher David Coomber has unearthed a vulnerability (CVE-2016-6231) in the Kaspersky Safe Browser iOS app that effectively contradicts its name. As it turns out, the app does not validate SSL certificates it receives when connecting to secure sites, and this could be exploited by attackers with Man-in-the-Middle capabilities to “present a bogus SSL certificate for a secure site which the application will accept silently.” After that, all the information that is exchanged between the …


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/tIB_yZCff1E/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2016-08-25 | CVE-2016-6231 | Information Exposure vulnerability in Kaspersky Safe Browser | 5.9

Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.
network, high complexity, kaspersky, CWE-200

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kaspersky 23 0 19 16 6 41
Safe 1 0 4 4 0 8