Overview
Explore the critical vulnerabilities in iOS and macOS certificate validation through this 46-minute conference talk from Nullcon Goa 2023. Delve into the intricacies of TLS authentication, learn about the history of insecure server certificate validation in Apple's operating systems, and discover new exploits affecting both iOS and macOS. Gain insights into the newly released tool, certmitm, which automatically detects and exploits insecure certificate validation vulnerabilities in TLS clients. Understand the implications for penetration testers and bug bounty hunters, and examine Apple's approach to addressing these security concerns. Download accompanying slides to enhance your understanding of this crucial topic in cybersecurity.
Syllabus
Introduction
Certificates
Certmitm demo
Apple CVEs
Penetration testers & Bug bounty hunters
Apple
Taught by
nullcon