Kaspersky Safe Browser iOS app sports MITM SSL certificate bug (Help Net Security)
Security researcher David Coomber has unearthed a vulnerability (CVE-2016-6231) in the Kaspersky Safe Browser iOS app that effectively contradicts its name. As it turns out, the app does not validate SSL certificates it receives when connecting to secure sites, and this could be exploited by attackers with Man-in-the-Middle capabilities to “present a bogus SSL certificate for a secure site which the application will accept silently.” After that, all the information that is exchanged between the …
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/tIB_yZCff1E/
Related news
- Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information (source)
- Comprehensive Guide to Building a Strong Browser Security Program (source)
- SSL Certificate Best Practices Policy (source)
- New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones (source)
- iOS 18 added secret and smart security feature that reboots iThings after three days (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-08-25 | CVE-2016-6231 | Information Exposure vulnerability in Kaspersky Safe Browser. Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | 5.9 |