all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

The issue with ATS in Apple’s macOS and iOS

Add to bookmarks
Oct. 30, 2023, noon | Trail of Bits

Trail of Bits Blog blog.trailofbits.com

Trail of Bits is publicly disclosing a vulnerability (CVE-2023-38596) that affects iOS versions 10 and later and macOS versions 10.12 and later. The flaw, identified by Will Brattain, resides in Apple’s App Transport Security (ATS) protocol handling. We discovered that Apple’s ATS fails to require the encryption of connections to IP addresses and *.local hostnames, […]

app apple bits connections cve encryption flaw handling ios issue macos protocol security trail of bits transport transport security vulnerability

Visit resource

More from blog.trailofbits.com / Trail of Bits Blog

The life and times of an Abstract Syntax Tree 4 days, 1 hour ago | blog.trailofbits.com
artificially intelligent can clear compiler +14
Curvance: Invariants unleashed 6 days ago | blog.trailofbits.com
assessments audits blockchain building +15
Announcing two new LMS libraries 1 week, 3 days ago | blog.trailofbits.com
algorithm bits cryptography digital +17
5 reasons to strive for better disclosure processes 3 weeks ago | blog.trailofbits.com
blog bugs disclosure examples +6
Introducing Ruzzy, a coverage-guided Ruby fuzzer 1 month, 1 week ago | blog.trailofbits.com
application security bits bugs code +16
Why fuzzing over formal verification? 1 month, 2 weeks ago | blog.trailofbits.com
audits blockchain development fuzzing +3
Streamline your static analysis triage with SARIF Explorer 1 month, 2 weeks ago | blog.trailofbits.com
analysis audits explorer extension +8
Read code like a pro with our weAudit VSCode extension 1 month, 2 weeks ago | blog.trailofbits.com
audits bugs code codebase +12
Releasing the Attacknet: A new tool for finding bugs in blockchain nodes using chaos testing 1 month, 2 weeks ago | blog.trailofbits.com
addresses bits blockchain bugs +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité - Nantes

@ Hifield | Saint-Herblain, France
View on infosec-jobs.com

L2 Security - Senior Security Engineer

@ Paytm | Noida, Uttar Pradesh
View on infosec-jobs.com

GRC Integrity Program Manager

@ Meta | Bellevue, WA | Menlo Park, CA | Washington, DC | New York City
View on infosec-jobs.com

Consultant Active Directory H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Consultant PCI-DSS H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Head of Security Operations

@ Canonical Ltd. | Home based - Americas, EMEA
View on infosec-jobs.com
View more jobs