CVE-2014-1266 — Improper Certificate Validation in Apple Iphone OS

CWE-295 — Improper Certificate Validation CWE-561 — Dead Code CWE-300 — Channel Accessible by Non-Endpoint CWE-1164 — Irrelevant Code CWE-705 — Incorrect Control Flow Scoping CWE-483 — Incorrect Block Delimitation CWE-20 — Improper Input Validation CWE-1114 — Inappropriate Whitespace Style CWE-393 — Return of Wrong Status Code CWE-691 — Insufficient Control Flow Management CWE-923 — Improper Restriction of Communication Channel to Intended Endpoints13 documents4 sources

Severity

7.4HIGHNVD

EPSS

17.9%

top 4.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos

Timeline

PublishedFeb 22

Latest updateMay 2

Description

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages3 packages

▶NVDapple/tvos6.0 — 6.0.2

▶NVDapple/mac_os_x10.9 — 10.9.2

▶NVDapple/iphone_os6.0 — 6.1.6+1

🔴Vulnerability Details

GHSA

GHSA-4j69-27g2-fgcw: The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange↗2022-05-14

▶

📋Vendor Advisories

Red Hat

kernel: mptcp: fix UaF in listener shutdown↗2025-05-02

▶

📐Framework References

CWE

Dead Code↗

▶

CWE

Channel Accessible by Non-Endpoint↗

▶

CWE

Irrelevant Code↗

▶

CWE

Incorrect Control Flow Scoping↗

▶

CWE

Incorrect Block Delimitation↗

▶