visionlogic
Guru? Nope
- Joined
- Oct 11, 2009
- Messages
- 117
- Reaction score
- 33
"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green.
Apple did not say when or how it learned about the flaw in the way iOS handles sessions in what are known as secure sockets layer or transport layer security, nor did it say whether the flaw was being exploited.
But a statement on its support website was blunt: The software "failed to validate the authenticity of the connection." ~ Full Reuter's article HERE
"The Apple bug in question—which, again, has been patched in iOS but not yet in OS X, though Apple tells Reuters that fix is coming "very soon"—means that Safari or whatever else can't actually know for sure if the servers it's talking to are who they say they are. Which leaves you and everything you transmit over the web vulnerable to a Man in the Middle attack.
If you're on an iOS device, you need to download 7.0.6 immediately. If you've got a 3GS or an old iPod touch, you can download iOS 6.1.6 instead. And if you were looking for an indication of just how seriously Apple is taking this, the fact that they're supporting an iOS version that they are incredibly eager to phase out should be as good an indicator as any." ~ Brian Barrett @ Gizmodo
Apple did not say when or how it learned about the flaw in the way iOS handles sessions in what are known as secure sockets layer or transport layer security, nor did it say whether the flaw was being exploited.
But a statement on its support website was blunt: The software "failed to validate the authenticity of the connection." ~ Full Reuter's article HERE
"The Apple bug in question—which, again, has been patched in iOS but not yet in OS X, though Apple tells Reuters that fix is coming "very soon"—means that Safari or whatever else can't actually know for sure if the servers it's talking to are who they say they are. Which leaves you and everything you transmit over the web vulnerable to a Man in the Middle attack.
If you're on an iOS device, you need to download 7.0.6 immediately. If you've got a 3GS or an old iPod touch, you can download iOS 6.1.6 instead. And if you were looking for an indication of just how seriously Apple is taking this, the fact that they're supporting an iOS version that they are incredibly eager to phase out should be as good an indicator as any." ~ Brian Barrett @ Gizmodo