THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-8f6j-263m-g72x (medium) — Apple App Store Server Python Library: SignedDataVerifier accepts stale OCSP GOOD responses and can bypass certificate revocation checks

[GHSA] GHSA-8f6j-263m-g72x (medium) — Apple App Store Server Python Library: SignedDataVerifier accepts stale OCSP GOOD responses and can bypass certificate revocation checks

medgithub_advisoriesPublished 2026-07-13

GHSA-8f6j-263m-g72x Severity: medium CVE: None

Apple App Store Server Python Library: SignedDataVerifier accepts stale OCSP GOOD responses and can bypass certificate revocation checks

### Summary `SignedDataVerifier` attempts to perform online revocation checking when `enable_online_checks=True`, but its OCSP validation logic accepts stale `GOOD` responses as valid indefinitely. In `appstoreserv

Original source: https://github.com/advisories/GHSA-8f6j-263m-g72x