The issue with ATS in Apple’s macOS and iOS
Malware Analysis, News and Indicators - Latest topics malware.news
Trail of Bits is publicly disclosing a vulnerability (CVE-2023-38596) that affects iOS versions 10 and later and macOS versions 10.12 and later. The flaw, identified by Will Brattain, resides in Apple’s App Transport Security (ATS) protocol handling. We discovered that Apple’s ATS fails to require encryption for connections to IP addresses and *.local hostnames, which can leave applications exposed to information disclosure and machine-in-the-middle (MitM) attacks.
Note: Apple published an advisory on September 18, 2023 confirming …
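
The gap described above can be checked for in an app's own endpoint list. The following is an added example, not code from Trail of Bits or Apple: it flags cleartext URLs whose host is an IP literal or a *.local name. The matching rule (a host that parses as an IPv4/IPv6 address or ends in .local), the function names and the sample URLs are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample endpoints (not taken from any real app).
SAMPLE_ENDPOINTS = [
    "http://192.168.1.20:8080/api/status",
    "http://[::1]/debug",
    "http://NAS.Local./share/config.json",
    "https://192.168.1.20/api/status",
    "http://api.example.com/v1/login",
]

def ats_gap_reason(url):
    """Return why a cleartext URL falls in the gap, or None if it does not."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return None  # already encrypted, or not an HTTP load
    # hostname is lowercased with port and IPv6 brackets removed;
    # drop a trailing root dot so "nas.local." matches too.
    host = (parts.hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        pass  # not an address, fall through to the hostname check
    if host.endswith(".local"):
        return "local-hostname"
    return None  # named host: outside the two cases the disclosure lists

def audit(urls):
    """Return (url, reason) pairs for every endpoint in the gap."""
    return [(u, r) for u in urls if (r := ats_gap_reason(u))]

if __name__ == "__main__":
    for url, reason in audit(SAMPLE_ENDPOINTS):
        print(f"{reason:15} {url}")
```

Endpoints it reports should be moved to https:// in the app itself rather than relying on ATS to refuse the load.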