OpenSSL’s MitM Mishap: CVE-2024-12797 Patched Just in Time!

OpenSSL has patched CVE-2024-12797, a high-severity flaw discovered by Apple that allowed man-in-the-middle attacks. The vulnerability affects TLS clients that use raw public keys and has been addressed in recent OpenSSL updates. Remember, folks, keeping your software updated is like flossing—tedious but essential to avoid nasty surprises!

Hot Take:

Oh, OpenSSL, you sneaky little library! Just when we thought you were keeping our secrets safe, you had a vulnerability lurking like a bad guy in a spy movie. Thanks to Apple for playing detective and catching this bug before it could go on a crime spree. But let’s be real, the real MVP here is Viktor Dukhovni for swooping in and saving the day with a patch. It’s like a digital soap opera, and I’m here for it!

Key Points:

  • OpenSSL patched a high-severity flaw (CVE-2024-12797), enabling potential man-in-the-middle attacks.
  • This vulnerability affects TLS clients that explicitly use raw public keys (RPKs) in SSL_VERIFY_PEER mode.
  • The flaw was reported by Apple and fixed by Viktor Dukhovni.
  • The issue impacts OpenSSL versions 3.2, 3.3, and 3.4, now patched in versions 3.2.4, 3.3.2, and 3.4.1.
  • Previous high-severity flaws, CVE-2022-3602 and CVE-2022-3786, involved buffer overrun issues in OpenSSL.
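A quick way to turn the version numbers above into an actionable check: the following script, which is an added example and not code from the post or from the OpenSSL project, parses an OpenSSL version string (the form printed by `openssl version`, or the one Python's `ssl` module reports) and classifies it against the fixed releases the post lists. The branch-to-fix mapping is taken from the Key Points as stated; anything outside the 3.2, 3.3 and 3.4 branches is reported as not affected, which is an assumption based only on this post's list. Note that the library version alone does not settle exposure: the flaw matters only for clients that actually authenticate servers with raw public keys in SSL_VERIFY_PEER mode.

```python
"""Classify an OpenSSL version against the CVE-2024-12797 fixed releases.

Added example; the fixed-release numbers are those stated in the post
(3.2.4, 3.3.2, 3.4.1) and are not re-verified here.
"""
import re
import ssl

# First fixed release for each affected minor branch, as listed in the post.
FIXED_RELEASES = {
    (3, 2): (3, 2, 4),
    (3, 3): (3, 3, 2),
    (3, 4): (3, 4, 1),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(text: str) -> tuple:
    """Extract (major, minor, patch) from strings such as
    'OpenSSL 3.2.1 30 Jan 2024' or a bare '3.4.0'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.groups())


def cve_2024_12797_status(version_text: str) -> str:
    """Return 'affected', 'fixed' or 'not_affected' for a version string.

    A version is 'affected' when it sits on one of the listed branches and
    is older than that branch's fixed release; 'fixed' when it is at or past
    the fixed release; branches the post does not name are reported as
    'not_affected' (assumption: the post's list is complete).
    """
    major, minor, patch = parse_openssl_version(version_text)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return "not_affected"
    return "fixed" if (major, minor, patch) >= fixed else "affected"


def local_openssl_status() -> str:
    """Classify the OpenSSL build linked into this Python interpreter."""
    return cve_2024_12797_status(ssl.OPENSSL_VERSION)


if __name__ == "__main__":
    print(f"{ssl.OPENSSL_VERSION}: {local_openssl_status()}")
    # Constructed sample strings covering each branch the post names.
    for sample in ("OpenSSL 3.2.1 30 Jan 2024", "3.3.2", "3.4.0", "3.0.15"):
        print(f"{sample}: {cve_2024_12797_status(sample)}")
```

Feed it the output of `openssl version` from each host (or run it under the interpreter your application uses) to get a per-host verdict; an "affected" result means the library needs the listed update, and a "fixed" result still leaves the application-level question of whether RPK verification is configured as intended.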
