Nimrod Aviram

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue is related to the lack of protection for internal data in the Tcl component of the operating system. It can be exploited by a remote attacker to obtain sensitive information by leveraging SSLv2 support. **Recommendations** For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue. As a temporary workaround, consider disabling SSLv2 support to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 1.0.1s OpenSSL versions prior to 1.0.2g **Description** The issue is related to the SSLv2 protocol, which requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data. This makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, also known as a "DROWN" attack. The vulnerability can be exploited by capturing packets or acting as a man-in-the-middle to obtain SSL session keys, decrypt encrypted traffic, and obtain users' sensitive information. Additionally, a side-channel attack was found that could lead to the recovery of RSA keys due to cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. **Recommendations** For OpenSSL versions prior to 1.0.1s, update to version 1.0.1s or later to resolve the issue. For OpenSSL versions prior to 1.0.2g, update to version 1.0.2g or later to resolve the issue. As a temporary workaround, consider disabling the use of the SSLv2 protocol until a patch is available. Restrict access to sensitive information and encrypted traffic to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.0.1 before 1.0.1r OpenSSL versions 1.0.2 before 1.0.2f **Description** The issue is related to errors in cryptographic transformations in the OpenSSL library, specifically in the ssl/s2 srvr.c function. This can be exploited by a remote attacker to compromise the cryptographic protection mechanism by performing computations on SSLv2 traffic, related to the `get client master key` and `get client hello` functions. The vulnerability makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms. **Recommendations** For OpenSSL versions 1.0.1 before 1.0.1r, update to version 1.0.1r or later. For OpenSSL versions 1.0.2 before 1.0.2f, update to version 1.0.2f or later. As a temporary workaround, consider disabling the use of SSLv2 traffic until a patch is available. Restrict access to the `get client master key` and `get client hello` functions to minimize the risk of exploitation.