Improper Certificate Validation in Safari on Windows by Apple
CVE-2011-0214
Currently unrated
What is CVE-2011-0214?
CFNetwork in Apple Safari before version 5.0.6 on Windows does not properly handle untrusted attributes of system root certificates. As a result, a remote web server can circumvent the intended SSL restrictions by presenting a certificate signed by a discredited certification authority, potentially exposing users to significant security risks. Proper certificate validation is essential to keep browsing secure and to prevent malicious entities from exploiting that trust.