Apple macOS 10.12.2 Safari SSL handshake MiTM Memory Exhaustion

2016.12.14
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-399

Apple did not fully patch this. I have not tested the latest update.

https://support.apple.com/en-us/HT207423

---
Security
Available for: macOS Sierra 10.12.1
Impact: An attacker in a privileged network position may be able to cause a denial of service
Description: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate.
CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)
---

Use the latest Safari and macOS and check the PoC: https://abuse.cert.cx/
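The two mitigations named in Apple's description (revocation checks only after CA validation, and a cap on OCSP requests per certificate) can be modelled as a small client-side gate. This is an added example, not code from the advisory or from Apple; the function name, the cap value and the sample URLs are assumptions.

```python
from urllib.parse import urlsplit

# Assumed cap for illustration; the advisory does not state Apple's value.
MAX_OCSP_REQUESTS_PER_CERT = 2

def select_ocsp_requests(responder_urls, chain_trusted,
                         limit=MAX_OCSP_REQUESTS_PER_CERT):
    """Return the OCSP responder URLs a client may contact for one certificate."""
    # Mitigation 1: no revocation traffic until the chain validates to a
    # trusted CA. Responder URLs in an unvalidated certificate are
    # untrusted input chosen by whoever presented the certificate.
    if not chain_trusted:
        return []
    selected, seen = [], set()
    for raw in responder_urls:
        url = raw.strip()
        try:
            parts = urlsplit(url)
            port = parts.port          # raises ValueError on a bad port
        except ValueError:
            continue
        scheme = parts.scheme.lower()
        # OCSP is carried over HTTP (RFC 6960, Appendix A); drop other
        # schemes and entries without a host.
        if scheme not in ("http", "https") or not parts.hostname:
            continue
        key = (scheme, parts.hostname, port, parts.path)
        if key in seen:                # duplicates must not add requests
            continue
        seen.add(key)
        selected.append(url)
        # Mitigation 2: hard cap on requests per certificate.
        if len(selected) >= limit:
            break
    return selected

# Constructed sample: responder list with a non-HTTP entry, a
# case-variant duplicate and far more entries than a client should follow.
SAMPLE_URLS = [
    "ldap://ocsp.example.test/",
    "http://ocsp.example.test/a",
    "HTTP://OCSP.example.test/a",
] + [f"http://ocsp{i}.example.test/" for i in range(500)]

if __name__ == "__main__":
    print(select_ocsp_requests(SAMPLE_URLS, chain_trusted=False))
    print(select_ocsp_requests(SAMPLE_URLS, chain_trusted=True))
```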

References:

https://abuse.cert.cx/
https://cxsecurity.com/issue/WLB-2016100213
https://support.apple.com/en-us/HT207423


Copyright 2018, cxsecurity.com

 
