Apple macOS 10.12.2 Safari SSL handshake Memory Exhaustion [UNPATCHED]
Posted on 30 November -0001
<HTML><HEAD><TITLE>Apple macOS 10.12.2 Safari SSL handshake Memory Exhaustion [UNPATCHED]</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>Apple did not fully patched I do not tested the latest update https://support.apple.com/en-us/HT207423 --- Security Available for: macOS Sierra 10.12.1 Impact: An attacker in a privileged network position may be able to cause a denial of service Description: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate. CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com) --- Use the latest Safari and macOS and check PoC: https://abuse.cert.cx/ </BODY></HTML>