Category:   Application (Web Browser)  >   Apple Safari
Vendors:   Apple
Apple Safari Extended Validation Certificate Revocation Check Can Be Bypassed
SecurityTracker Alert ID:  1022346
SecurityTracker URL:
CVE Reference:   CVE-2009-1682
Date:  Jun 9 2009
Impact:   Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 4.0
Description:   A vulnerability was reported in Apple Safari. A remote user can cause a page with a revoked extended validation (EV) certificate to be loaded without warning.

The revocation check of EV certificates in Safari can be bypassed.

Bruce Morton reported this vulnerability.

Impact:   A page with a revoked EV certificate may be loaded without warning the target user.
Solution:   The vendor has issued a fix (4.0), available via the Apple Software Update application, or Apple's Safari download site at:

Safari for Mac OS X v10.5.7
The download file is named: Safari4.0Leo.dmg
Its SHA-1 digest is: 9b18e8dad3b3acd91b7d4208f295422bf8e735ed

Safari for Mac OS X v10.4.11
The download file is named: Safari4.0Ti.dmg
Its SHA-1 digest is: c5298f24aa9c824a930ba3656487687630d2420a

Safari for Windows XP or Vista
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 46951d6c13bf847a54d033cec2cdf3383e31d1e1

Safari+QuickTime for Windows XP or Vista
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 6c421eb66d521dd03744f76c7e44a40d132379fc
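
Added example, not part of the original advisory or of Apple's tooling: a Python check that compares a downloaded installer against the SHA-1 digests listed above before it is deployed. The function names and the status strings are assumptions made for this illustration; SHA-1 is used only because it is the digest the advisory publishes.

```python
import hashlib
import hmac
import os
import sys

# SHA-1 digests exactly as listed in the advisory's Solution section.
ADVISORY_SHA1 = {
    "Safari4.0Leo.dmg": "9b18e8dad3b3acd91b7d4208f295422bf8e735ed",
    "Safari4.0Ti.dmg": "c5298f24aa9c824a930ba3656487687630d2420a",
    "SafariSetup.exe": "46951d6c13bf847a54d033cec2cdf3383e31d1e1",
    "SafariQuickTimeSetup.exe": "6c421eb66d521dd03744f76c7e44a40d132379fc",
}


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file so a large installer is never held in memory whole."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_installer(path, expected=ADVISORY_SHA1):
    """Return (status, actual_digest); status is 'match', 'mismatch' or 'unlisted'.

    The lookup is by file name, so a renamed download has to be given the
    name used in the advisory before it can be checked.
    """
    actual = sha1_of_file(path)
    wanted = expected.get(os.path.basename(path))
    if wanted is None:
        return "unlisted", actual
    # Digests pasted from a web page often carry stray case or whitespace.
    if hmac.compare_digest(actual, wanted.strip().lower()):
        return "match", actual
    return "mismatch", actual


if __name__ == "__main__":
    failed = False
    for arg in sys.argv[1:]:
        status, actual = check_installer(arg)
        print(f"{status:9} {actual}  {arg}")
        failed = failed or status != "match"
    sys.exit(1 if failed else 0)
```

Run it with the downloaded file paths as arguments; a non-zero exit status means at least one file did not match a listed digest.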

The vendor's advisory is available at:

Vendor URL:
Cause:   Authentication error, State error
Underlying OS:  UNIX (macOS/OS X), Windows (Vista), Windows (XP)

Message History:   None.
