CVE-2015-5887

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.11

Description The issue is related to the TLS Handshake Protocol implementation in Secure Transport, which accepts a Certificate Request message within a session where no Server Key Exchange message has been sent. This allows remote attackers to have an unspecified impact via crafted TLS data. The vulnerability is also described as being related to errors in the key exchange procedure, which can be exploited by a remote attacker to compromise information security.

Recommendations For Apple OS X versions prior to 10.11, update to version 10.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of TLS connections to minimize the risk of exploitation.