VYPR
Unrated severity · NVD Advisory · Published Oct 9, 2015 · Updated May 6, 2026

CVE-2015-5887

Description

The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Apple OS X before 10.11 Secure Transport TLS Handshake Protocol accepts a Certificate Request without a prior Server Key Exchange, enabling unspecified impact via crafted TLS data.

Vulnerability

The TLS Handshake Protocol implementation in Secure Transport in Apple OS X prior to version 10.11 (El Capitan) accepts a Certificate Request message within a session where no Server Key Exchange message has been sent. This deviates from the expected TLS handshake sequence, where a Certificate Request should only occur after a Server Key Exchange. Affected versions include OS X Mountain Lion v10.8.5, Mavericks v10.9.5, and Yosemite v10.10.5 [1].

Exploitation

A remote attacker with network access can send a crafted TLS handshake containing a Certificate Request message without preceding it with a Server Key Exchange message. The flaw lies in the client-side validation of the handshake order; no authentication or prior session setup is required for the attacker to initiate the malformed exchange [1].
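The ordering check described above can be expressed as a small client-side state machine. This is an added example, not Apple's code or part of the advisory. It assumes TLS 1.2 message ordering per RFC 5246 and an ephemeral (EC)DHE key exchange, where a Server Key Exchange is mandatory; the page does not name the key exchange, and the function names and the `strict=False` model of a lenient client are hypothetical.

```python
# Added example: client-side ordering check for a TLS 1.2 server flight.
# Handshake type codes are from RFC 5246; all function names are hypothetical.
SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE = 2, 11, 12
CERTIFICATE_REQUEST, SERVER_HELLO_DONE = 13, 14
# Key exchanges for which a ServerKeyExchange is mandatory (RFC 5246, RFC 4492).
SKE_REQUIRED = {"DHE_RSA", "DHE_DSS", "ECDHE_RSA", "ECDHE_ECDSA"}

def msg(msg_type, body=b""):
    """Encode one handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def parse_types(flight):
    """Return the handshake types in a flight, rejecting truncated input."""
    types, off = [], 0
    while off < len(flight):
        if off + 4 > len(flight):
            raise ValueError("truncated handshake header")
        end = off + 4 + int.from_bytes(flight[off + 1:off + 4], "big")
        if end > len(flight):
            raise ValueError("truncated handshake body")
        types.append(flight[off])
        off = end
    return types

def validate(types, kex, strict=True):
    """Walk the flight; strict=False models a client that treats SKE as optional."""
    state = "hello"
    for t in types:
        if state == "hello" and t == SERVER_HELLO:
            state = "cert"
        elif state == "cert" and t == CERTIFICATE:
            state = "ske"
        elif state == "ske" and t == SERVER_KEY_EXCHANGE and kex in SKE_REQUIRED:
            state = "creq"
        elif state in ("ske", "creq") and t in (CERTIFICATE_REQUEST, SERVER_HELLO_DONE):
            if state == "ske" and strict and kex in SKE_REQUIRED:
                return False, "missing ServerKeyExchange before type %d" % t
            state = "done" if t == SERVER_HELLO_DONE else "hello_done"
        elif state == "hello_done" and t == SERVER_HELLO_DONE:
            state = "done"
        else:
            return False, "unexpected type %d in state %s" % (t, state)
    return (True, "ok") if state == "done" else (False, "incomplete flight")

# Constructed sample flights (bodies are dummy bytes, not real TLS payloads).
GOOD_FLIGHT = b"".join(msg(t, b"\x00" * 4) for t in (2, 11, 12, 13)) + msg(14)
BAD_FLIGHT = b"".join(msg(t, b"\x00" * 4) for t in (2, 11, 13)) + msg(14)

if __name__ == "__main__":
    for name, flight in (("good", GOOD_FLIGHT), ("bad", BAD_FLIGHT)):
        print(name, validate(parse_types(flight), "ECDHE_RSA"))
```

With a plain RSA key exchange the same `BAD_FLIGHT` sequence is valid, because RFC 5246 does not permit a Server Key Exchange there; the check has to be tied to the negotiated key exchange rather than applied unconditionally.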

Impact

Successful exploitation allows an attacker to have an unspecified impact on the TLS session. The description indicates the impact is not fully disclosed but could involve confidentiality or integrity violations, as the handshake is manipulated outside the standard protocol flow. The scope is limited to the TLS session between the client and the attacker-controlled server [1].

Mitigation

Apple addressed this vulnerability in OS X El Capitan v10.11, released on September 30, 2015. Users should update to OS X 10.11 or later via the Mac App Store. No workaround is listed for older versions. The issue is not known to be on the CISA KEV list [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

4
