Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS

Posted by [CXSEC] on Oct 24

Credit: Maksymilian Arciemowicz (https://cxsecurity.com/)
URL: https://cxsecurity.com/issue/WLB-2016100213

— 0. Description —

The latest macOS and iOS have a weak OCSP validation process, which
allows an attacker to send OCSP requests (up to 200k) in the name of
the victim during a MiTM attack.

— 1. MiTM and handshake OCSP verification —
Apple’s SecureTransport trusts and…
