Posted by [CXSEC] on Oct 24
Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS
Credit: Maksymilian Arciemowicz (https://cxsecurity.com/)
URL: https://cxsecurity.com/issue/WLB-2016100213
--- 0. Description ---
The latest macOS and iOS have a weak OCSP validation process which allows
an attacker to send OCSP requests (up to 200k) in the name of the victim
during a MiTM attack.
--- 1. MiTM and handshake OCSP verification ---
Apple’s SecureTransport trusts and…