CVE-2014-1295

Published: Apr 23, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

Affected (22)

Products: Apple: Iphone Os, Mac Os X, Tvos

3 products

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 7.1
Apple Iphone Os	Version 7.0.1
Apple Iphone Os	Version 7.0.2
Apple Iphone Os	Version 7.0.3
Apple Iphone Os	Version 7.0.4
Apple Iphone Os	Version 7.0.5
Apple Iphone Os	Version 7.0.6
Apple Iphone Os	Version 7.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.9.1
Apple Mac Os X	Version 10.9.2
Apple Mac Os X	Version 10.9

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Apple Tvos	Up to 6.1
Apple Tvos	Version 6.0.1
Apple Tvos	Version 6.0.2
Apple Tvos	Version 6.0

Configuration D

7 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.8.0
Apple Mac Os X	Version 10.8.1
Apple Mac Os X	Version 10.8.2
Apple Mac Os X	Version 10.8.3
Apple Mac Os X	Version 10.8.4
Apple Mac Os X	Version 10.8.5
Apple Mac Os X	Version 10.8.5 supplemental_update