MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
not
Search

The Apple curl security incident 12604

Sunday March 10, 2024. 02:09 PM , from OS News
When this command line option is used with curl on macOS, the version shipped by Apple, it seems to fall back and checks the system CA store in case the provided set of CA certs fail the verification. A secondary check that was not asked for, is not documented and plain frankly comes completely by surprise. Therefore, when a user runs the check with a trimmed and dedicated CA cert file, it will not fail if the system CA store contains a cert that can verify the server!

This is a security problem because now suddenly certificate checks pass that should not pass.
↫ Daniel Stenberg

Absolutely wild that Apple does not consider this a security issue.
Read more at OS News
https://www.osnews.com/story/138761/the-apple-curl-security-incident-12604/

Related News

not Security updates for Friday LWN.netMar 22
security 4 Internal Apple Emails That Helped the DOJ Build Its Case Wired: Tech.Mar 22
apple Apple Launches All-In-One 'Manuals, Specs, and Downloads' Website SlashdotMar 22
curl The DOJ Puts Apple's iMessage Encryption in the Antitrust Crosshairs Wired: Tech.Mar 21
system The US Claims Apple Has a Stranglehold on the Future Wired: Tech.Mar 21
checks Epic, Spotify, Others Back DOJ Lawsuit Against Apple SlashdotMar 21
fail U.S. Justice Department sues Apple over its ‘iPhone monopoly’ PC WorldMar 21
check Unpatchable Vulnerability in Apple Chip Leaks Secret Encryption Keys SlashdotMar 21
pass Goodbye, green bubble? Justice Department sues Apple over iPhone monopoly BoingBoingMar 21
cert United States files antitrust lawsuit against Apple OS NewsMar 21
store The US Sues Apple in an iPhone Antitrust Blockbuster Wired: Tech.Mar 21
when Uncle Sam, 15 US states launch antitrust war on Apple TheRegisterMar 21
incident Uncle Sam, 15 US states launch antitrust war on Apple TheRegisterMar 21
not Security updates for Thursday LWN.netMar 21
security Meta, Microsoft, X, Match pledge selves to Epic battle against Apple App Store TheRegisterMar 21
apple US Sues Apple, Alleges Tech Giant Exploits Illegal Monopoly SlashdotMar 21
curl Justice Department To Sue Apple For Antitrust Violations SlashdotMar 21
system UK council won't say whether two-week 'cyber incident' impacted resident data TheRegisterMar 21
checks ESET Home Security Premium review: Simple protection with a complex heart PC WorldMar 21
fail Hong Kong promises its latest national security law is not a ban on social media TheRegisterMar 21
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Apr, Sun 28 - 12:51 CEST