CVE-2011-0228

iPhone OS < 4.2.10 and 4.3.x < 4.3.5 - Man-in-the-Middle Attack via Improper X.509 Certificate Chain Validation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0228. PoCs published by jan0.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2011-0228, which addresses a certificate chain validation issue in iOS. The code includes a dynamic library (`isslfix.dylib`) that patches the vulnerability by blacklisting specific malicious certificates (Comodo and DigiNotar) and enforcing proper certificate validation.

Description

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.

Exploits (1)

nomisec WORKING POC 9 stars
by jan0 · poc
https://github.com/jan0/isslfix

This repository contains a functional exploit PoC for CVE-2011-0228, which addresses a certificate chain validation issue in iOS. The code includes a dynamic library (`isslfix.dylib`) that patches the vulnerability by blacklisting specific malicious certificates (Comodo and DigiNotar) and enforcing proper certificate validation.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: iOS (versions < 4.3.5)
No auth needed
Prerequisites: Jailbroken iOS device · Access to compile and deploy the dynamic library
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (10)

Core 10
Core References
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Jul/msg00005.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48877
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4824
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45369
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/518982/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Jul/msg00004.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4825
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8361
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025837

Scores

EPSS 0.0639
EPSS Percentile 92.9%

Details

CWE
CWE-20
Status published
Products (38)
apple/iphone_os 1.0.0
apple/iphone_os 1.0.1
apple/iphone_os 1.0.2
apple/iphone_os 1.1.0
apple/iphone_os 1.1.1
apple/iphone_os 1.1.2
apple/iphone_os 1.1.3
apple/iphone_os 1.1.4
apple/iphone_os 1.1.5
apple/iphone_os 2.0
... and 28 more
Published Aug 29, 2011
Tracked Since Feb 18, 2026