jan0

1 exploit Active since Aug 2011
CVE-2011-0228 NOMISEC WORKING POC
iPhone OS < 4.2.10 and 4.3.x < 4.3.5 - Man-in-the-Middle Attack via Improper X.509 Certificate Chain Validation
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.
9 stars