The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). An example of a network attack is an attacker causing a denial of service by sending a specially crafted TCP packet across a wide area network (e.g., CVE-2004-0230).
Attack Complexity (AC): Low
The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
Privileges Required (PR): None
The attacker is unauthenticated prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.
Scope (S): Unchanged
An exploited vulnerability can only affect resources managed by the same security authority. In the case of a vulnerability in a virtualized environment, an exploited vulnerability in one guest instance would not affect neighboring guest instances.
Confidentiality (C): High
There is total information disclosure, resulting in all data on the system being revealed to the attacker, or there is a possibility of the attacker gaining control over confidential data.
Integrity (I): High
There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the attacker being able to modify any file on the target system.
Availability (A): High
There is a total shutdown of the affected resource. The attacker can deny access to the system or data, potentially causing significant loss to the organization.
Kaspersky Safe Browser Man-In-The-Middle
Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)
Overview
"Stay safe from malicious links, suspicious content and identity theft while you surfing the Internet."
"Our Safe Browser covers the original iPhone & iPad web browser and detects & blocks phishing sites that can steal your money & your account details, eliminates unwanted content & notifies about spam links - for you to surf the web without frontiers - safely."
"You will get:
- Advanced Anti-Phishing to effectively block fake websites
- Proactive detection of fraudulent links / URLs - powered by the cloud
- Content filtering to choose & block specific categories of unwanted info
- Safe internet browsing across Google, Bing, Yandex and Yahoo search engines"
(https://itunes.apple.com/us/app/kaspersky-safe-browser-fast/id723879672)
Issue
The Kaspersky Safe Browser iOS application (version 1.6.0 and below) does not validate the SSL certificates it receives when connecting to secure sites.
Impact
An attacker who can perform a man-in-the-middle attack may present a bogus SSL certificate for a secure site, which the application will accept silently. Usernames, passwords and other sensitive information could be captured by the attacker without the user's knowledge.
Timeline
June 23, 2016 - Notified Kaspersky via [email protected]
June 23, 2016 - Kaspersky responded that they will investigate
June 27, 2016 - Kaspersky confirmed the vulnerability and advised that the issue would be resolved in the next release
June 27, 2016 - Asked for a timeline when the new version would be released
June 30, 2016 - Kaspersky responded stating that they do not yet have a release date
July 18, 2016 - Kaspersky advised that the update is scheduled to be released at the end of July
July 28, 2016 - Kaspersky released version 1.7.0 which resolves this vulnerability
Solution
Upgrade to version 1.7.0 or later
https://support.kaspersky.com/vulnerability.aspx?el=12430#280716
CVE-ID: CVE-2016-6231
Questions?
http://www.info-sec.ca/contact.html