Major iOS and OSX Flaw Discovered Spanning All Current Apple Devices

Update your iPhones and iPads! A new severe security vulnerability in iOS6, iOS7, and OSX Mavericks allows an attacker to intercept secure traffic and decrypt it using a man-in-the-middle attack. This impacts all Apple products including servers, workstations, notebooks, phones, tablets, and Apple TV.

The flaw, introduced with the iOS6 launch and only discovered on January 8th, means that any application using Apple's built-in SSL stack does not properly authenticate the source of a secure connection. This flaw also exists in OSX Mavericks, and Apple is said to be working on an emergency patch.
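The root cause of CVE-2014-1266 was a duplicated `goto fail;` statement that jumped past the signature check on the server's key exchange message while the error code still read success. The C model below is an added example, not Apple's code and not part of the original post; it shows that control-flow error beside a corrected form, and every function name and the toy signature format are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for handshake steps (assumptions, not Apple's code). */
static int hash_update(const char *params) { return params ? 0 : -1; }

/* Toy signature format: valid only when sig == "sig:" + params. */
static int verify_signature(const char *params, const char *sig) {
    return (strncmp(sig, "sig:", 4) == 0 && strcmp(sig + 4, params) == 0) ? 0 : -1;
}

/* Flawed: the stray second goto is unconditional, so err is still 0 when
 * control reaches fail and the signature check below never runs. */
int check_key_exchange_flawed(const char *params, const char *sig) {
    int err;
    if ((err = hash_update(params)) != 0)
        goto fail;
    goto fail; /* duplicated line, outside the if */
    if ((err = verify_signature(params, sig)) != 0)
        goto fail;
fail:
    return err;
}

/* Corrected: braces on every branch, no stray jump; verification always runs. */
int check_key_exchange_fixed(const char *params, const char *sig) {
    int err;
    if ((err = hash_update(params)) != 0) {
        goto fail;
    }
    if ((err = verify_signature(params, sig)) != 0) {
        goto fail;
    }
fail:
    return err;
}

/* Negative test: a checker must reject a signature made over other data. */
typedef int (*checker_fn)(const char *, const char *);
int accepts_forged_signature(checker_fn check) {
    return check("dh-params", "sig:other-params") == 0;
}

int main(void) {
    printf("flawed accepts forged signature: %d\n",
           accepts_forged_signature(check_key_exchange_flawed));
    printf("fixed accepts forged signature:  %d\n",
           accepts_forged_signature(check_key_exchange_fixed));
    return 0;
}
```

A negative test like `accepts_forged_signature`, run against the verification routine in CI, fails as soon as a change lets an invalid signature through.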

As of this writing, the only way to ensure your secure connections are actually secure in OSX is to use browsers that do not use Apple's SSL stack. These browsers include Mozilla Firefox and Google Chrome. Safari is vulnerable until the new patch is released.

Conspiracy theorists are running wild about this discovery because iOS6 was launched only a month prior to Apple officially joining the PRISM program, according to leaked slides from Edward Snowden. It has been proposed that Apple, or a saboteur within Apple, may have compromised the code intentionally to allow the NSA to snoop on Apple products.

Sources:

http://www.theregister.co.uk/2014/02/21/apple_patches_ios_ssl_vulnerability/

http://support.apple.com/kb/HT6147

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1266

http://www.zdnet.com/major-apple-security-flaw-patch-issued-users-open-to-mitm-attacks-7000026624/

