Anonymous SSL and TLS Connection Issue in Apple Mac OS X
CVE-2010-1800

Currently unrated

Key Information:

Vendor: Apple
Status: Cfnetwork; Mac Os X; Mac Os X Server
Vendor: CVE Published:; 25 August 2010

Summary

The CFNetwork component in Apple Mac OS X versions 10.6.3 and 10.6.4 has a critical vulnerability that allows attackers to exploit anonymous SSL and TLS connections. This flaw enables malicious actors to perform man-in-the-middle attacks, redirecting data connections and accessing sensitive information through specially crafted responses. Users of affected versions are advised to apply security updates promptly to mitigate this risk.

References

http://securitytracker.com/id?1024359

vdb-entryx_refsource_SECTRACK

http://lists.apple.com/archives/security-announce/2010//A...

vendor-advisoryx_refsource_APPLE

http://support.apple.com/kb/HT4312

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 25, 2010