Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified in the Apple iOS. iOS is Apple's mobile operating system for the iPhone, iPod Touch, and iPad hardware platforms.
The vulnerability was discovered by Paul Kehrer, who is a member of the Trustwave SSL team. Paul discovered a method which allowed him to sign an SSL certificate which was viewed as valid by iOS. Using this technique, an attacker who is able to intercept traffic from a vulnerable iOS device can craft an SSL certificate, and subsequently capture and decrypt the traffic from applications which utilize this certificate. No notification is presented to the end user, which allows the attacker to perform this attack without detection.
Paul, along with Nicholas Percoco, head of SpiderLabs, will be giving a presentation at DEF CON 19 on SSL vulnerabilities, including this specific issue. Refer to this link for further details.
Additionally, further information can also be viewed in the following links:
http://support.apple.com/kb/HT4824
http://support.apple.com/kb/HT4825
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.