CVE-2009-2825

Name of the Vulnerable Software and Affected Versions Mac OS X versions prior to 10.6.2

Description The issue arises from the improper handling of a '0' character in a domain name within the subject's Common Name (CN) field of an X.509 certificate. This could potentially allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Recommendations For versions prior to 10.6.2, update to Mac OS X version 10.6.2 or later to resolve the issue. As a temporary workaround, consider restricting the acceptance of certificates with '0' characters in the domain name of the subject's Common Name field until a patch is applied.