Apple macOS 10.12.2 Safari SSL handshake MiTM Memory Exhaustion

2016.12.14

Credit: Maksymilian Arciemowicz

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-399

Apple did not fully patched I do not tested the latest update

https://support.apple.com/en-us/HT207423
---
Security
Available for: macOS Sierra 10.12.1
Impact: An attacker in a privileged network position may be able to cause a denial of service
Description: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate.
CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)
---

Use the latest Safari and macOS and check

PoC:
https://abuse.cert.cx/

References:

https://abuse.cert.cx/

https://cxsecurity.com/issue/WLB-2016100213

https://support.apple.com/en-us/HT207423

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Apple macOS 10.12.2 Safari SSL handshake MiTM Memory Exhaustion

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.