Explore the critical vulnerabilities in iOS and macOS certificate validation through this 46-minute conference talk from Nullcon Goa 2023. Delve into the intricacies of TLS authentication, learn about the history of insecure server certificate validation in Apple's operating systems, and discover new exploits affecting both iOS and macOS. Gain insights into the newly released tool, certmitm, which automatically detects and exploits insecure certificate validation vulnerabilities in TLS clients. Understand the implications for penetration testers and bug bounty hunters, and examine Apple's approach to addressing these security concerns. Download accompanying slides to enhance your understanding of this crucial topic in cybersecurity.
Self-Signed Certificates: Exploiting Insecure Certificate Validation in iOS and macOS
Overview
Syllabus
Introduction
Certificates
Certmitm demo
Apple CVEs
Penetration testers & Bug bounty hunters
Apple
Taught by
nullcon
Related Courses
-
Hacking and Pentesting iOS Applications
-
Automatic Exploitation of TLS Certificate Validation Vulnerabilities
-
Practical Recon Techniques for Bug Hunters & Pen Testers
-
Hacking Web Applications & Penetration Testing: Web Hacking
-
Complete Web Application Hacking & Penetration Testing
-
Synthetically Breaking macOS - Patrick Wardle - Ekoparty Security Conference - 2019
