CVE-2014-1266

HIGH

Apple iOS 6.x-7.0.5, macOS 10.9.x, tvOS 6.x - Improper Certificate Validation

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2014-1266. PoCs published by gabrielg, landonf, macressler.

Description

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.

Exploits (4)

nomisec WORKING POC 78 stars
by gabrielg · poc
https://github.com/gabrielg/CVE-2014-1266-poc

This repository contains a Go-based proof-of-concept for CVE-2014-1266, demonstrating the SSL verification vulnerability in iOS and OS X. It implements a proxy server that intercepts HTTPS requests from vulnerable clients and redirects them to an HTTP server, exploiting the flawed SSL verification.

Classification: Working Poc 100%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Apple iOS (versions 6.0-7.0.6) and OS X (10.9)
No auth needed
Prerequisites: Vulnerable client (iOS or OS X with affected versions) · Network position to intercept traffic
mistral-large-3 · analyzed Feb 16, 2026
nomisec WRITEUP 26 stars
by landonf · poc
https://github.com/landonf/Testability-CVE-2014-1266

This repository provides a proof-of-concept and unit tests for CVE-2014-1266, focusing on the vulnerable SSLVerifySignedServerKeyExchange function in Apple's libsecurity_ssl. It demonstrates how the signing code could have been tested for incorrect parameters.

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Apple libsecurity_ssl (affected versions)
No auth needed
Prerequisites: Access to vulnerable Apple libsecurity_ssl implementation
mistral-large-3 · analyzed Feb 16, 2026
nomisec WORKING POC 1 star
by macressler · poc
https://github.com/macressler/SSLPatch

This repository provides a Cydia Substrate tweak to patch the 'goto fail' SSL verification vulnerability (CVE-2014-1266) in iOS and OS X. It is a runtime patch that does not modify system files, making it safe for jailbroken devices.

Classification: Working Poc 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: iOS and OS X (versions affected by CVE-2014-1266)
No auth needed
Prerequisites: Jailbroken iOS device · Cydia Substrate installed
mistral-large-3 · analyzed Feb 16, 2026

References (9)

Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT6147
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT6148
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT6150
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT6146
Exploit, Issue Tracking x_refsource_misc
https://news.ycombinator.com/item?id=7281378

Scores

CVSS v3 7.4
EPSS 0.0571
EPSS Percentile 92.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE CWE-295
Status published
Products (3)
apple/iphone_os 6.0 - 6.1.6
apple/mac_os_x 10.9 - 10.9.2
apple/tvos 6.0 - 6.0.2
Published Feb 22, 2014
Tracked Since Feb 18, 2026