JVN#88676089
Safari installed in iPod touch and iPhone vulnerable in handling server certificates
Overview
Safari web browser installed in iPod touch and iPhone contains a vulnerability which allows a self-signed or invalid server certificate to be accepted without the user's explicit concent.
Products Affected
- iPod touch v1.1 to v1.1.4
- iPhone v1.0 to v1.1.4
Description
Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a self-signed or invalid server cerficate without the user's explicit concent when connecting via SSL/TLS.
According to Apple, "When Safari accesses a website that uses a self-signed or invalid certificate, it prompts the user to accept or reject the certificate. If the user presses the menu button while at the prompt, then on the next visit to the site, the certificate is accepted with no prompt."
Impact
This vulnerability could be exploited to conduct a man-in-the-middle attack. As a result, this may lead to the disclosure of sensitive information.
Solution
Update the Software
Apply the latest updates provided by the vendor.
For more information, refer to the vendor's website.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2008.07.14
Measures | Conditions | Severity |
---|---|---|
Access Required | Routed - can be attacked over the Internet using packets |
|
Authentication | None - anonymous or no authentication (IP addresses do not count) |
|
User Interaction Required | Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file |
|
Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) |
|
Credit
Hiromitsu Takagi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE |
CVE-2008-1589 |
JVN iPedia |
JVNDB-2008-000039 |