Markulf Kohlweiss

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11 **Description** The issue is related to the TLS Handshake Protocol implementation in Secure Transport, which accepts a Certificate Request message within a session where no Server Key Exchange message has been sent. This allows remote attackers to have an unspecified impact via crafted TLS data. The vulnerability is also described as being related to errors in the key exchange procedure, which can be exploited by a remote attacker to compromise information security. **Recommendations** For Apple OS X versions prior to 10.11, update to version 10.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of TLS connections to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11 **Description** The issue is related to the X.509 certificate-trust implementation, which does not properly handle revocation checking. This makes it easier for attackers to conduct man-in-the-middle attacks by using a revoked certificate. The vulnerability can be exploited by a remote attacker to spoof endpoints. **Recommendations** For Apple OS X versions prior to 10.11, update to version 10.11 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of exploitation.