CVE-2011-0199

Name of the Vulnerable Software and Affected Versions Mac OS X versions prior to 10.6.8

Description The issue concerns the Certificate Trust Policy component, which fails to perform CRL checking for Extended Validation (EV) certificates lacking OCSP URLs. This might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.

Recommendations For Mac OS X versions prior to 10.6.8, update to version 10.6.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of EV certificates that lack OCSP URLs to minimize the risk of exploitation.