The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.
Max CVSS
5.0
EPSS Score
0.13%
Published
2011-03-11
Updated
2019-03-08
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
Max CVSS
2.6
EPSS Score
0.18%
Published
2011-10-14
Updated
2017-08-29
2 vulnerabilities found