Kaspersky Safe Browser iOS app sports MITM SSL certificate bug (Help Net Security)

2016-08-01 21:48

Security researcher David Coomber has unearthed a vulnerability (CVE-2016-6231) in the Kaspersky Safe Browser iOS app that effectively contradicts its name. As it turns out, the app does not validate SSL certificates it receives when connecting to secure sites, and this could be exploited by attackers with Man-in-the-Middle capabilities to “present a bogus SSL certificate for a secure site which the application will accept silently.” After that, all the information that is exchanged between the … More →

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/tIB_yZCff1E/

#browser #certificate #IOS #kaspersky #mitm #security #SSL #CVE-2016-6231

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2016-08-25	CVE-2016-6231	Information Exposure vulnerability in Kaspersky Safe Browser Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. network kaspersky CWE-200	4.3

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Kaspersky		27	9	40	5	4	58
Safe		1	1	4	3	0	8