POODLE

POODLE (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a security vulnerability which takes advantage of the fallback to SSL 3.0.[1][2][3] An attacker who can tamper with the connection forces the client to retry its handshake with SSL 3.0, whose CBC padding is neither covered by the MAC nor checked beyond its final length byte; the server's accept-or-reject behaviour then serves as a padding oracle.

If attackers successfully exploit this vulnerability, they need on average only 256 SSL 3.0 requests to reveal one byte of the encrypted message.

A full list of browser versions and levels of vulnerability to different attacks (including POODLE) can be found in the article Transport Layer Security.[8]

Google stated in October 2014 it was planning to remove SSL 3.0 support from their products completely within a few months.

Microsoft published a security advisory explaining how to disable SSL 3.0 in Internet Explorer and in Windows itself,[12][13] and on October 29, 2014, it released a fix that disables SSL 3.0 in Internet Explorer on Windows Vista / Server 2003 and above. Microsoft also announced a plan to disable SSL 3.0 by default in its products and services within a few months.

POODLE was completely mitigated in OS X 10.11 (El Capitan, 2015) and iOS 9 (2015).[citation needed]

A variant of the attack targets TLS 1.0 to 1.2 implementations rather than the SSL 3.0 protocol itself: TLS requires the receiver to verify every CBC padding byte, but some implementations skipped that check and therefore exposed the same padding oracle as SSL 3.0, with no protocol downgrade needed.
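The SSL 3.0 padding oracle described above, and the TLS implementation variant, as one added worked example; this is not code from the original article or from any affected product. It simulates a CBC record layer (MAC, then pad, then encrypt) over a toy Feistel block cipher with HMAC-SHA256 round functions, which is an assumption standing in for RC4/AES-CBC; the `Endpoint`, `forge`, `poodle_recover` and `demo` names, the key sizes, and the sample cookie are all constructed for the example. With `strict_padding=False` the receiver, like SSL 3.0, interprets only the padding-length byte, and the attacker recovers the secret one byte per accepted forgery, each forgery succeeding with probability 1/256; with `strict_padding=True` the receiver checks every padding byte as TLS requires, and the same forgeries are never accepted.

```python
import hashlib
import hmac
import os

BLOCK, MAC_LEN, ROUNDS = 16, 20, 8  # toy cipher block size, SHA-1 sized MAC, Feistel rounds (assumed)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    # Toy Feistel round function (assumed, not SSL's cipher): keyed hash of round index and right half.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for k in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[k:k + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for k in range(0, len(data), BLOCK):
        out.append(_xor(block_decrypt(key, data[k:k + BLOCK]), prev))
        prev = data[k:k + BLOCK]
    return b"".join(out)


class Endpoint:
    """Simulated CBC record layer (MAC, then pad, then encrypt). strict_padding=False models
    SSL 3.0: only the last byte (padding length) is interpreted, the padding bytes are unchecked.
    strict_padding=True models a correct TLS 1.0-1.2 receiver that checks every padding byte."""

    def __init__(self, strict_padding=False):
        self.enc_key, self.mac_key, self.strict = os.urandom(16), os.urandom(16), strict_padding

    def _mac(self, pt):
        return hmac.new(self.mac_key, pt, hashlib.sha1).digest()  # stands in for the SSL 3.0 MAC

    def encrypt_record(self, pt):
        data = pt + self._mac(pt)
        pad_len = BLOCK - 1 - len(data) % BLOCK
        pad = bytes([pad_len]) * pad_len if self.strict else os.urandom(pad_len)
        iv = os.urandom(BLOCK)
        return iv + cbc_encrypt(self.enc_key, iv, data + pad + bytes([pad_len]))

    def accepts_record(self, record):
        """Receiver side: True iff the padding is acceptable and the MAC verifies (the oracle)."""
        iv, body = record[:BLOCK], record[BLOCK:]
        if not body or len(body) % BLOCK:
            return False
        data = cbc_decrypt(self.enc_key, iv, body)
        pad_len = data[-1]
        if pad_len >= BLOCK or len(data) < pad_len + 1 + MAC_LEN:
            return False
        if self.strict and any(b != pad_len for b in data[-pad_len - 1:-1]):
            return False
        data = data[:-(pad_len + 1)]
        return hmac.compare_digest(data[-MAC_LEN:], self._mac(data[:-MAC_LEN]))


def forge(record, target_block):
    """Attacker: swap the all-padding last block for the ciphertext block whose last plaintext byte
    is wanted. Returns the forged record and the XOR of the two ciphertext bytes masking that byte;
    the receiver accepts only when the moved block decrypted to a final byte of BLOCK-1."""
    blocks = [record[k:k + BLOCK] for k in range(0, len(record), BLOCK)]
    return b"".join(blocks[:-1]) + blocks[target_block], blocks[target_block - 1][-1] ^ blocks[-2][-1]


def poodle_recover(server, secret_len, victim_send, max_trials=200_000):
    """victim_send(prefix, suffix) returns a fresh record of prefix + secret + suffix, as attacker
    JavaScript makes a browser send. Returns (recovered secret, number of requests used)."""
    recovered, trials = bytearray(), 0
    for j in range(secret_len):
        prefix_len = (BLOCK - 1 - j) % BLOCK                       # secret[j] ends a block
        suffix_len = -(prefix_len + secret_len + MAC_LEN) % BLOCK  # last block is all padding
        target_block = (prefix_len + j) // BLOCK + 1               # +1: block 0 is the IV
        while True:
            trials += 1
            if trials > max_trials:
                raise RuntimeError("oracle never accepted a forgery")
            forged, mask = forge(victim_send(b"A" * prefix_len, b"B" * suffix_len), target_block)
            if server.accepts_record(forged):
                recovered.append((BLOCK - 1) ^ mask)  # P[-1] ^ C_prev[-1] ^ C_lastprev[-1] == BLOCK-1
                break
    return bytes(recovered), trials


def demo(secret=b"session=deadbeef", strict_padding=False, max_trials=200_000):
    server = Endpoint(strict_padding)  # constructed sample: the victim's cookie is `secret`
    return poodle_recover(server, len(secret), lambda p, s: server.encrypt_record(p + secret + s), max_trials)
```

Running `demo()` returns the cookie together with the request count, which averages 256 per byte; `demo(strict_padding=True, max_trials=3000)` exhausts its budget and raises, because a strict receiver only accepts a moved block whose entire decryption is valid padding, an event of probability about 2^-128 rather than 1/256. The attacker never touches the keys: the only information used is whether each forged record was accepted, which in the real attack is visible as a connection reset versus a normal response.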