
SSL vulnerability in Kaspersky iOS app could allow MitM


Batu69


Security researcher David Coomber spotted an SSL certificate vulnerability in the Kaspersky Safe Browser iOS app.

 

The flaw (CVE-2016-6231) could allow an attacker to perform man-in-the-middle (MitM) attacks by presenting a bogus SSL certificate for a secure site which the application would silently accept, according to an advisory on Coomber's blog Info-Sec.ca.

 

The bug is caused by the app's failure to validate the SSL certificates it receives when connecting to secure sites, and versions 1.6.0 and below are affected.

Coomber notified Kaspersky of the bug on June 23 and the issue was patched on July 28 in the release of version 1.7.0. Users are encouraged to update the app as soon as possible.

 

Kaspersky said in its own advisory that the “vulnerability could have been exploited only if user opens malware HTTPS link that is not detected by anti-phishing or other anti-malware engines embedded in the application.” 

 

Article source
