CVE-2014-1266 PoC — Apple iOS ‘SSLVerifySignedServerKeyExchange’函数输入验证漏洞

Source

https://github.com/gabrielg/CVE-2014-1266-poc

Associated Vulnerability

Title:Apple iOS ‘SSLVerifySignedServerKeyExchange’函数输入验证漏洞 (CVE-2014-1266)
Description:The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.

Description

Apple OS X/iOS SSL flaw demonstration

Readme

# OS X/iOS SSL Flaw POC

## Overview

This repository contains some Go code that demonstrates the recently discovered
SSL verification vulnerability in iOS and OS X.

* [Apple Update Announcement](http://support.apple.com/kb/HT6147)
* [Adam Langley's writeup](https://www.imperialviolet.org/2014/02/22/applebug.html)

## Usage

```
$ git clone https://github.com/gabrielg/CVE-2014-1266-poc.git
$ cd CVE-2014-1266-poc
$ go build main.go
$ ./main

# In another terminal
$ cd CVE-2014-1266-poc
$ go run http_server.go
```

Then set the proxy on a vulnerable machine to point at port 8080 on the machine
running the proxy server. HTTPS requests will be intercepted and redirected to
the HTTP server listening on the UNIX domain socket that the proxy makes
connections to.

![screenshot](screenshot.png)

---

Pass the time with some reading over at [gironda.org](http://www.gironda.org).

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!