-
@ ch0k1
2025-02-15 11:26:10
High-Severity OpenSSL Vulnerability Found by Apple Allows MitM Attacks
https://www.securityweek.com/high-severity-openssl-vulnerability-found-by-apple-allows-mitm-attacks/
The OpenSSL Project on Tuesday announced patches for the first high-severity vulnerability seen in the secure communications library in two years.
The vulnerability, tracked as CVE-2024-12797, was reported to OpenSSL developers by Apple in mid-December 2024.
The issue is related to clients using RFC7250 raw public keys (RPKs) to authenticate a server. CVE-2024-12797 was introduced in OpenSSL 3.2 with the implementation of RPK support.
originally posted at https://stacker.news/items/886505