Release date:
Updated on:
Affected Systems:
Apple iOS 4.x
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2011-0228
Apple iOS is the latest operating system running on Apple's iPhone and iPod touch devices.
Apple iOS has a spoofing vulnerability in its handling of the X.509 "basicConstraints" parameter. Remote users can exploit this vulnerability to perform spoofing attacks.
This vulnerability is caused by an error in verifying the "basicConstraints" parameter of certificates in the certificate chain. A man-in-the-middle attacker can spoof certificates for any domain and expose encrypted information.
<* Source: vendor
Link: https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt
http://support.apple.com/kb/HT4824
http://support.apple.com/kb/HT4825
*>
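The check that the description says was performed incorrectly can be sketched as follows. This is an added example, not Apple's code or anything from the advisory: it uses a simplified, constructed certificate model (the `Cert` class and all names are hypothetical) and covers only the basicConstraints and pathLenConstraint rules, not signature or validity-period checks.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Cert:
    """Simplified stand-in for a parsed X.509 v3 certificate (constructed model)."""
    subject: str
    issuer: str
    has_basic_constraints: bool = False  # is the extension present at all?
    is_ca: bool = False                  # the cA boolean inside basicConstraints
    path_len: Optional[int] = None       # pathLenConstraint, None if absent


def check_basic_constraints(chain: List[Cert]) -> List[str]:
    """chain[0] is the leaf; every later entry issued the one before it.
    Returns a list of problems; an empty list means the CA checks passed."""
    problems = []
    for i in range(1, len(chain)):
        issuer, child = chain[i], chain[i - 1]
        ca_certs_below = i - 1  # the leaf itself is not counted
        if child.issuer != issuer.subject:
            problems.append(f"{child.subject}: issuer name does not match {issuer.subject}")
        if not (issuer.has_basic_constraints and issuer.is_ca):
            problems.append(f"{issuer.subject}: signs {child.subject} but is not marked CA:TRUE")
        elif issuer.path_len is not None and ca_certs_below > issuer.path_len:
            problems.append(f"{issuer.subject}: pathLenConstraint {issuer.path_len} exceeded")
    return problems


# Constructed sample chains (hypothetical names).
ROOT = Cert("Example Root CA", "Example Root CA", True, True, None)
INTERMEDIATE = Cert("Example Issuing CA", "Example Root CA", True, True, 0)
SITE = Cert("www.example.test", "Example Issuing CA", True, False)
# An end-entity certificate (CA:FALSE) appearing as the issuer of another name.
OTHER = Cert("other.example.test", "www.example.test", True, False)

GOOD_CHAIN = [SITE, INTERMEDIATE, ROOT]
BAD_CHAIN = [OTHER, SITE, INTERMEDIATE, ROOT]

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(name, check_basic_constraints(chain) or "ok")
```

A validator that skips this loop accepts `BAD_CHAIN` as long as each signature verifies, which is why the check has to run on every certificate above the leaf.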
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apple
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://support.apple.com/