The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate.
Base Score: 5
Impact Score: 2.9
Exploitability Score: 10
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 9.0.2 (inclusive)