1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Kaspersky Safe Browser iOS app sports MITM SSL certificate bug

Discussion in 'Help Net Security' started by RSS, Aug 1, 2016.

  1. RSS

    RSS New Member Member

    Security researcher David Coomber has unearthed a vulnerability (CVE-2016-6231) in the Kaspersky Safe Browser iOS app that effectively contradicts its name. As it turns out, the app does not validate SSL certificates it receives when connecting to secure sites, and this could be exploited by attackers with Man-in-the-Middle capabilities to “present a bogus SSL certificate for a secure site which the application will accept silently.” After that, all the information that is exchanged between the … More →

    Continue reading...

Share This Page