nSense Vulnerability Research Security Advisory - The calendar synchronization feature of iOS fails to validate the SSL certificate provided by the server. Therefore, CalDAV communication can be intercepted by a basic man in the middle attack. As every request contains a HTTP basic authentication header, which contains base64-encoded credentials, it is possible to intercept email account credentials by an attacker that is suitably positioned (e.g. the same LAN, WLAN) or is able to tamper with DNS records pointing to the CalDAV server. The application accepts the untrusted certificate without any warning or prompt, so the attack will go unnoticed by the user.
1287538d9d82e32529c0d747e336f8c5ebf4984b6eb88af17ffa07e9b262328d nSense Vulnerability Research Security Advisory NSENSE-2011-006
---------------------------------------------------------------
t2'11 infosec conference special release
http://www.t2.fi
---------------------------------------------------------------
Affected Vendor: Apple Inc.
Affected Product: CalDAV (iOS 3.0 through 4.3.5 for iPhone 3GS
and iPhone 4, iOS 3.1 through 4.3.5 for iPod
touch (3rd generation) and later, iOS 3.2
through 4.3.5 for iPad)
Platform: iOS
Impact: Sensitive information interception
Vendor response: New version released
CVE: CVE-2011-3253
Credit: Leszek / nSense
Release date: 12 Oct 2011
Technical details
---------------------------------------------------------------
The calendar synchronization feature of iOS fails to validate
the SSL certificate provided by the server. Therefore, CalDAV
communication can be intercepted by a basic man in the middle
attack. As every request contains a HTTP basic authentication
header, which contains base64-encoded credentials, it is
possible to intercept email account credentials by an attacker
that is suitably positioned (e.g. the same LAN, WLAN) or is
able to tamper with DNS records pointing to the CalDAV server.
The application accepts the untrusted certificate without any
warning or prompt, so the attack will go unnoticed by the user.
Timeline:
20110407 nSense informed the vendor about the vulnerability
20110409 Vendor started to investigate the issue
20110415 nSense sent a status update request to the vendor
20110415 Vendor provided a status update
20110420 nSense asked the vendor for further information
20110502 nSense resent the previous questions
20110502 Vendor confirmed the vulnerability
20110525 nSense asked the vendor about the patch schedule
20110527 Vendor responded
20110527 nSense asked the vendor for further information
20110531 Vendor responded, unable to provide a date
20110601 nSense asked the vendor for clarification
20110603 Vendor responded
20110603 nSense resent the previous question
20110607 nSense commented the issue, asked the vendor for
clarification
20110705 nSense asked the vendor for clarification
20110726 nSense asked the vendor whether 4.3.5 fixed the
issue
20110727 Vendor responded. Issue not fixed.
20110728 nSense asked the vendor for further details
20110917 Vendor asked for credit information
20110917 nSense responded
20111002 Vendor confirmed release date
20111012 Vendor releases fixed version of the software
20111012 Vendor releases public advisory
Solution:
Apple security updates are available via the Software Update
mechanism: http://support.apple.com/kb/HT1338
Apple security updates are also available for manual download
via: http://www.apple.com/support/downloads/
More information from Apple Inc.:
http://support.apple.com/kb/HT1222
Links:
http://www.nsense.fi http://www.nsense.dk
$$s$$$$s. ,s$$$$s ,S$$$$$s. $$s$$$$s. ,s$$$$s ,S$$$$$s.
$$$ `$$$ ($$( $$$ `$$$ $$$ `$$$ ($$( $$$ `$$$
$$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ `^$$s. $$$$$$$$$
$$$ $$$ )$$) $$$ $$$ $$$ )$$) $$$
$$$ $$$ ^$$$$$$7 `7$$$$$P $$$ $$$ ^$$$$$$7 `7$$$$$P
D r i v e n b y t h e c h a l l e n g e _
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed