It is currently 18-08-2017 11:46

The Kaspersky Safe Browser for iOS detected dangerous vulnerability

The Kaspersky Safe Browser for iOS detected dangerous vulnerability

by sigismund » 2016-08-03 11:23:05


the Vulnerability allows to carry out an attack "man in the middle.


Security researcher David Coomber (David Coomber) found vulnerability in Kaspersky Safe Browser (iOS). The application is designed to identify and block malicious web sites.

Turned out Kaspersky Safe Browser (iOS) does not verify SSL certificates when connecting to secure sites. The vulnerability (CVE-2016-6231) allows an attacker to carry out an attack "man in the middle. According to the expert, an attacker could spoof an SSL certificate for secure website which the app will accept the default. Thus an attacker can easily intercept data transmitted between the application and the server. In the hands of the attacker can be a username and password of the user.

The specialists of "Kaspersky Lab" has already patched the vulnerability. Kaspersky Safe Browser (iOS) v1.7.0 does not subject to the breach. According to experts "Kaspersky lab", the vulnerability could be proekspluatirovat only if a user opens a malicious HTTPS link that is not defined or antivirus anti-phishing filters built into the app.
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5