Published:2008/07/14  Last Updated:2008/07/14

JVN#88676089
Safari installed in iPod touch and iPhone vulnerable in handling server certificates

Overview

Safari web browser installed in iPod touch and iPhone contains a vulnerability which allows a self-signed or invalid server certificate to be accepted without the user's explicit concent.

Products Affected

  • iPod touch v1.1 to v1.1.4
  • iPhone v1.0 to v1.1.4
For more information, refer to the vendor's web site.

Description

Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a self-signed or invalid server cerficate without the user's explicit concent when connecting via SSL/TLS.

According to Apple, "When Safari accesses a website that uses a self-signed or invalid certificate, it prompts the user to accept or reject the certificate. If the user presses the menu button while at the prompt, then on the next visit to the site, the certificate is accepted with no prompt."

Impact

This vulnerability could be exploited to conduct a man-in-the-middle attack. As a result, this may lead to the disclosure of sensitive information.

Solution

Update the Software
Apply the latest updates provided by the vendor.
For more information, refer to the vendor's website.

Vendor Status

Vendor Link
Apple About the security content of iPhone v2.0 and iPod touch v2.0
Apple security updates

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2008.07.14

Measures Conditions Severity
Access Required Routed - can be attacked over the Internet using packets
  • High
Authentication None - anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file
  • Medium
Exploit Complexity Low - little to no expertise and/or luck required to exploit (cross-site scripting)
  • High

Description of each analysis measures

Credit

Hiromitsu Takagi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2008-1589
JVN iPedia JVNDB-2008-000039

Update History