Kaspersky iOS browser vuln

Kaspersky's Safe Browser for iOS wasn't so safe: until recently, researchers have discovered, it did not actually validate the TLS certificates it claimed to be checking.

The failure to check certificates exposed users to man-in-the-middle attacks: a malicious Wi-Fi hotspot, for example, could present a fake certificate for a secure site and read the supposedly encrypted traffic.
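The check that would have caught this bug, as an added Go example (not Kaspersky's code, and iOS apps would write it in Swift): a throwaway self-signed certificate for a hypothetical host `secure.example` is constructed and served on loopback, and a client with validation switched off (the flaw) completes the handshake silently while a client with default validation refuses it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"time"
)

// bogusCert is constructed for this example: a self-signed certificate for
// "secure.example" that no trust store knows, i.e. what a man in the middle presents.
func bogusCert() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // only fails if the system RNG does
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"secure.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// Accepts returns nil when a client using cfg completes a handshake with a
// loopback server presenting bogusCert; a validating client returns an x509 error.
func Accepts(cfg *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{bogusCert()}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake() // offer the certificate; the client decides
			c.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err == nil {
		conn.Close()
	}
	return err
}

// Flawed mirrors the reported bug (any certificate accepted silently); Checking keeps Go's default validation.
func Flawed() *tls.Config   { return &tls.Config{ServerName: "secure.example", InsecureSkipVerify: true} }
func Checking() *tls.Config { return &tls.Config{ServerName: "secure.example"} }
```

Running `Accepts(Checking())` against a real endpoint is the regression test an app like this should ship with: it must fail, and a nil result means certificate validation has been turned off somewhere.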

The Bugtraq advisory here states simply that “An attacker who can perform a man in the middle attack may present a bogus SSL certificate for a secure site which the application will accept silently. Usernames, passwords and sensitive information could be captured by an attacker without the user's knowledge.”

The issue occurs in versions 1.6.0 and earlier, and Kaspersky has updated the application here. ®


Biting the hand that feeds IT © 1998–2017