Menu
Major SSL flaw found in iOS, OS X

Major SSL flaw found in iOS, OS X

Apple has released a patch for iOS and says an OS X fix will be released 'very soon'

Security researchers revealed late Friday that iOS's validation of SSL encryption had a coding error that bypassed a key validation step in the Web protocol for secure communications. As a result, communications sent over unsecured Wi-Fi hot spots could be intercepted and read while unencrypted, potentially exposing user password, bank data, and other sensitive data to hackers via man-in-the-middle attacks. Secured Wi-Fi networks, such as home and business networks with encryption enabled, are not affected.

Apple released a patch Friday evening, available to al iOS users. iOS users should have already received a notification of the update's availability or have had it automatically installed, depending on their device's iOS version, update settings, and available space for downloading the update.

[ It's time to rethink security. Two former CIOs show you how to rething your security strategy for today's world. Bonus: Available in PDF and e-book versions. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

But on Saturday, several researchers reported that the flaw also affected OS X 10.9 Mavericks and perhaps other OS X versions. Late Saturday, Apple said it had a fix ready for OS X and would release it "very soon." On OS X, the flaw is likewise limited to SSL connections over unsecured Wi-Fi networks, though only in Safari.

The update will be available through OS X's Software Update utility, which is set to download security updates automatically by default in recent OS X versions.

iOS uses the WebKit-based Safari engine even in non-Safari browsers, so all iOS browsers can be exploited. By contrast, OS X lets each browser use it's own browser engine. A Google security researcher said Chrome does not have the coding flaw; other researchers have said that Mozilla Firefox is likewise safe.

This article, "Major SSL flaw found in iOS, OS X," was originally published at InfoWorld.com. Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Read more about security in InfoWorld's Security Channel.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags applicationsiosapplication securityMac OS Xoperating systemsCIOhackingAppleweb browsersintrusionmobile technologysecurityAccess control and authenticationsoftwareencryption

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments