CVE-2014-1266

Name of the Vulnerable Software and Affected Versions Apple iOS versions 6.0 through 6.1.5 Apple iOS version 7.0 through 7.0.5 Apple TV version 6.0 through 6.0.1 Apple OS X version 10.9 through 10.9.1

Description The issue concerns the SSLVerifySignedServerKeyExchange function, which fails to verify the signature in a TLS Server Key Exchange message. This allows man-in-the-middle attackers to impersonate SSL servers by either using an arbitrary private key for signing or skipping the signing step altogether.

Recommendations For Apple iOS versions 6.0 through 6.1.5, update to version 6.1.6 or later. For Apple iOS version 7.0 through 7.0.5, update to version 7.0.6 or later. For Apple TV version 6.0 through 6.0.1, update to version 6.0.2 or later. For Apple OS X version 10.9 through 10.9.1, update to version 10.9.2 or later.