BUG iOS/OSX SSL/TLS vulnerability

visionlogic

Guru? Nope
Joined
Oct 11, 2009
Messages
117
Reaction score
33
"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green.

Apple did not say when or how it learned about the flaw in the way iOS handles sessions in what are known as secure sockets layer or transport layer security, nor did it say whether the flaw was being exploited.

But a statement on its support website was blunt: The software "failed to validate the authenticity of the connection." ~ Full Reuters article HERE

"The Apple bug in question—which, again, has been patched in iOS but not yet in OS X, though Apple tells Reuters that fix is coming "very soon"—means that Safari or whatever else can't actually know for sure if the servers it's talking to are who they say they are. Which leaves you and everything you transmit over the web vulnerable to a Man in the Middle attack.

If you're on an iOS device, you need to download 7.0.6 immediately. If you've got a 3GS or an old iPod touch, you can download iOS 6.1.6 instead. And if you were looking for an indication of just how seriously Apple is taking this, the fact that they're supporting an iOS version that they are incredibly eager to phase out should be as good an indicator as any." ~ Brian Barrett @ Gizmodo
 

mbellot

Active Member
Joined
Dec 15, 2008
Messages
404
Reaction score
185
If you've got a 3GS or an old iPod touch, you can download iOS 6.1.6 instead. And if you were looking for an indication of just how seriously Apple is taking this, the fact that they're supporting an iOS version that they are incredibly eager to phase out should be as good an indicator as any." ~ Brian Barrett @ Gizmodo

Good thing my kids' iPods aren't allowed web access; Apple saw fit to abandon them at iOS 4.2...

Those were the last Apple products I purchased because of their intentional obsolescence.
 

visionlogic

Now another, different flaw in iOS:

Background Monitoring on Non-Jailbroken iOS 7 Devices — and a Mitigation - February 24, 2014: Background monitoring mobile applications has become a hot topic on mobile devices. Existing reports show that such monitoring can be conducted on jailbroken iOS devices. FireEye mobile security researchers have discovered such vulnerability, and found approaches to bypass Apple's app review process effectively and exploit non-jailbroken iOS 7 successfully. We have been collaborating with Apple on this issue.

More info at FireEye HERE
 
