mw3demo Posted February 23, 2014 Share Posted February 23, 2014 http://www.macrumors.com/2014/02/22/os-x-ssl-vulnerability/ Just read this article. Is it basically saying the Apple has patched this? I'm going to test tommorow. Looks like OSX will eventually get patched too. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted February 23, 2014 Share Posted February 23, 2014 That isn't talking about Karma. It's talking about SSL. "Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS." Meaning, if you are MITM, you can modify the traffic even with SSL/TLS. "Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps." In other words, iOS was vulnerable to a man-in-the-middle attack where an attacker could pose as a trusted website to intercept communications, acquiring sensitive information such as login credentials and passwords, or injecting harmful malware. To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system). Quote Link to comment Share on other sites More sharing options...
mw3demo Posted February 23, 2014 Author Share Posted February 23, 2014 You are 100% right, it was 5am. Title should have been "SSLStrip Patched by Apple for iOS?" Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.