Vulnerability
The TLS protocol is used to provide privacy and data integrity between two or more communicating computer applications. When secured by TLS, connections between a client and a server have one or more of the following properties:-
- The connection is private
- The identity of parties can be authenticated
- The connection is reliable
Transportation layer came from Secure Socket Layer. A careful configuration of TLS will provide additional privacy-related properties like forwarding secrecy, prevent discloser of encryption keys etc.
Some of the TLS certificates do not support old Safari versions.
Impact
The impact include:-
- Renegotiation attack
- Downgrade attacks like Logjam and FREAK
- Cross-platform attacks like DROWN
- BEAST attack
- Breach attacks
- POODLE attacks
Mitigation / Precaution
This vulnerability can be fixed by:-
- Changing the TLS cipher for the end users that use the older version of Safari.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
