Details of VAR-201402-0405

ID

VAR-201402-0405

CVE

CVE-2014-1266

TITLE

plural Apple of the product Data Security of the component Secure Transport in function SSL Server spoofing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001444

DESCRIPTION

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. Apple iOS and TV are prone to a security-bypass vulnerability because it fails to properly validate connections. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Apple iOS, Apple TV and Apple OS X are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. There is a security vulnerability in the 'SSLVerifySignedServerKeyExchange' function in the libsecurity_ssl/lib/sslKeyExchange.c file of the Secure Transport function of the Data Security component in Apple iOS. An attacker in a privileged network position could potentially capture or modify data in an SSL/TLS-protected session. The following versions are affected: Apple iOS 6.x prior to 6.1.6 and 7.x prior to 7.0.6, Apple TV 6.x prior to 6.0.2, Apple OS X 10.9.x prior to 10.9.2 Version. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-02-21-2 iOS 7.0.6 iOS 7.0.6 is now available and addresses the following: Data Security Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps. CVE-ID CVE-2014-1266 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.0.6". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTBpN9AAoJEPefwLHPlZEwFpYP/2Ac20hocp3/xWv08EFmpZpl T52aoGMpJxZFRh307mS76jNXDZ2KodcBboESKbYE8PxMK9DkAtqEbSQjMa9cUK3+ 3iUhqNnFm7YrG8+8JVoZ58Jxiq9zEmKGVEf+s4o1F1ORJPAQRDROiC5MBru1UOAb /sXZeX1Awr81RJeu4f8A9Qddu6AEICr2sYRlWQA8wa24Y2qswrOvqvFRSK4WnB8L 6sqe6JL0C59GhjRh11WsObMQN+vbBcVty7q4e0WfuLNt0LP8yZBC2XruAx0Q2v1k t5JA6keq7zwAzE+zO4qjYXGTVePyPe7vJx00ndjvTjAI7iXrcRgNxUuH5BAj7O7h agzSWNKvaUYynJd2oiv5onN7kh+3UbexiXIKOc5ZgOpVk7fgLCnN9UcPuxpGjF5u RODQM5LtAYEdmzs4Ws711Gu+k0OT3QTWXWu9/k6Yp2DKwCjDp9gzM/EhT5T7PqCL KM8gnGOiTJh0vUmdI94huF987heNBzoRId/wdip/e2iXKTGB3Z8AipmDi72v63FB seh7rZWOgxZ+9YSCyXFl4FfcZDBSEhERzw2C8OXP2iXBzspM3LsqlqBbbyTB/bRm lOSrP8nxkf0Fw8ehqs52wxfjenk2hvnkHddE4HU3DuvoK4M9hZ98sLppHxoxw7Lp aMn7lqBBT+6V5+uaVkA8 =klGW -----END PGP SIGNATURE-----

Trust: 2.34

sources: NVD: CVE-2014-1266 // JVNDB: JVNDB-2014-001444 // BID: 65738 // VULHUB: VHN-69205 // VULMON: CVE-2014-1266 // PACKETSTORM: 125371 // PACKETSTORM: 125347 // PACKETSTORM: 125370

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	gte	version:	10.9	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	6.1.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	gte	version:	7.0	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	6.0.2	Trust: 1.0
vendor:	apple	model:	tvos	scope:	gte	version:	6.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.9.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	7.0.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	gte	version:	6.0	Trust: 1.0
vendor:	アップル	model:	apple tv	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.8
vendor:	アップル	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	lt	version:	7.x (ipad 2 from )	Trust: 0.8
vendor:	アップル	model:	ios	scope:	lt	version:	7.x (ipod touch no. 5 generation )	Trust: 0.8
vendor:	アップル	model:	ios	scope:	lt	version:	6.x (iphone 3gs)	Trust: 0.8
vendor:	アップル	model:	ios	scope:	lt	version:	7.x (iphone 4 from )	Trust: 0.8
vendor:	アップル	model:	ios	scope:	lt	version:	6.x (ipod touch no. 4 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	7.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	6.0.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	6.0	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	7.0.4	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	7.0.5	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	7.0.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	7.0.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	7.0.3	Trust: 0.6

sources: JVNDB: JVNDB-2014-001444 // CNNVD: CNNVD-201402-306 // NVD: CVE-2014-1266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-1266
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-1266
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201402-306
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-69205
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-1266
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-1266
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-69205
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-1266
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2014-1266
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-69205 // VULMON: CVE-2014-1266 // JVNDB: JVNDB-2014-001444 // CNNVD: CNNVD-201402-306 // NVD: CVE-2014-1266

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.0
problemtype:	Illegal certificate verification (CWE-295) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-20	Trust: 0.1

sources: VULHUB: VHN-69205 // JVNDB: JVNDB-2014-001444 // NVD: CVE-2014-1266

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-306

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201402-306

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-69205

PATCH

title:	HT6150	url:	http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html	Trust: 0.8
title:	OSXUpd10.9.2	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48233	Trust: 0.6
title:	apple-tv-video-converter	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48232	Trust: 0.6
title:	iPhone4,1_7.0.6_11B651_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48231	Trust: 0.6
title:	iPhone2,1_6.1.6_10B500_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48230	Trust: 0.6
title:	OS X/iOS SSL Flaw POC	url:	https://github.com/gabrielg/CVE-2014-1266-poc	Trust: 0.1
title:	SSL Patch (CVE-2014-1266)	url:	https://github.com/linusyang/SSLPatch	Trust: 0.1
title:	Reverse-Engineering-toolkit Directory IDA Ghidra x64dbg OllyDbg WinDBG Android Apple&&iOS&&iXxx Cuckoo DBI	url:	https://github.com/geeksniper/reverse-engineering-toolkit	Trust: 0.1
title:	TOP Table of Contents Donation	url:	https://github.com/JERRY123S/all-poc	Trust: 0.1
title:	Table of Contents	url:	https://github.com/CVEDB/top	Trust: 0.1
title:	Table of Contents	url:	https://github.com/CVEDB/awesome-cve-repo	Trust: 0.1
title:	TOP Table of Contents Donation	url:	https://github.com/hktalent/TOP	Trust: 0.1
title:	TOP Table of Contents Donation	url:	https://github.com/cyberanand1337x/bug-bounty-2022	Trust: 0.1
title:	TOP Table of Contents Donation	url:	https://github.com/weeka10/-hktalent-TOP	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2014/02/21/apple_patches_ios_ssl_vulnerability/	Trust: 0.1

sources: VULMON: CVE-2014-1266 // JVNDB: JVNDB-2014-001444 // CNNVD: CNNVD-201402-306

EXTERNAL IDS

db:	NVD	id:	CVE-2014-1266	Trust: 4.0
db:	JVN	id:	JVNVU95868425	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001444	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-306	Trust: 0.7
db:	BID	id:	65738	Trust: 0.4
db:	PACKETSTORM	id:	125347	Trust: 0.2
db:	PACKETSTORM	id:	125371	Trust: 0.2
db:	PACKETSTORM	id:	125370	Trust: 0.2
db:	VULHUB	id:	VHN-69205	Trust: 0.1
db:	VULMON	id:	CVE-2014-1266	Trust: 0.1

sources: VULHUB: VHN-69205 // VULMON: CVE-2014-1266 // BID: 65738 // JVNDB: JVNDB-2014-001444 // PACKETSTORM: 125371 // PACKETSTORM: 125347 // PACKETSTORM: 125370 // CNNVD: CNNVD-201402-306 // NVD: CVE-2014-1266

REFERENCES

url:	https://news.ycombinator.com/item?id=7281378	Trust: 2.6
url:	http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187	Trust: 2.5
url:	http://support.apple.com/kb/ht6146	Trust: 1.8
url:	http://support.apple.com/kb/ht6147	Trust: 1.8
url:	http://support.apple.com/kb/ht6148	Trust: 1.8
url:	http://support.apple.com/kb/ht6150	Trust: 1.8
url:	https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html	Trust: 1.8
url:	https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html	Trust: 1.8
url:	https://www.imperialviolet.org/2014/02/22/applebug.html	Trust: 1.8
url:	http://jvn.jp/vu/jvnvu95868425/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1266	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/appletv/features.html	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1266	Trust: 0.3
url:	http://gpgtools.org	Trust: 0.3
url:	http://support.apple.com/kb/ht1222	Trust: 0.3
url:	https://www.apple.com/itunes/	Trust: 0.2
url:	http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/295.html	Trust: 0.1
url:	https://github.com/gabrielg/cve-2014-1266-poc	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 65738

SOURCES

db:	VULHUB	id:	VHN-69205
db:	VULMON	id:	CVE-2014-1266
db:	BID	id:	65738
db:	JVNDB	id:	JVNDB-2014-001444
db:	PACKETSTORM	id:	125371
db:	PACKETSTORM	id:	125347
db:	PACKETSTORM	id:	125370
db:	CNNVD	id:	CNNVD-201402-306
db:	NVD	id:	CVE-2014-1266

LAST UPDATE DATE

2025-04-11T22:23:07.510000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-69205	date:	2019-03-08T00:00:00
db:	VULMON	id:	CVE-2014-1266	date:	2024-02-09T00:00:00
db:	BID	id:	65738	date:	2014-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2014-001444	date:	2024-03-01T02:16:00
db:	CNNVD	id:	CNNVD-201402-306	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2014-1266	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-69205	date:	2014-02-22T00:00:00
db:	VULMON	id:	CVE-2014-1266	date:	2014-02-22T00:00:00
db:	BID	id:	65738	date:	2014-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2014-001444	date:	2014-02-25T00:00:00
db:	PACKETSTORM	id:	125371	date:	2014-02-24T16:22:22
db:	PACKETSTORM	id:	125347	date:	2014-02-22T03:01:11
db:	PACKETSTORM	id:	125370	date:	2014-02-24T17:22:22
db:	CNNVD	id:	CNNVD-201402-306	date:	2014-02-25T00:00:00
db:	NVD	id:	CVE-2014-1266	date:	2014-02-22T17:05:21.767