PT-2006-5212 · Apple · Macos X

Timothy J. Miller · Published 2006-11-30 · Updated 2011-03-08 · CVE-2006-4409

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Mac OS X versions 10.4 through 10.4.8

Description: The issue concerns the Online Certificate Status Protocol (OCSP) service in the Security Framework, which retrieves certificate revocation lists (CRL) when an HTTP proxy is in use. This could lead to the system accepting certificates that have been revoked.

Recommendations: For Mac OS X versions 10.4 through 10.4.8, consider disabling the use of HTTP proxies for OCSP services until a fix is available. Restrict access to the OCSP service to minimize the risk of exploitation.


Related identifiers

CVE-2006-4409

Affected products

Macos X