Menu
Major SSL flaw found in iOS, OS X

Major SSL flaw found in iOS, OS X

Apple has released a patch for iOS and says an OS X fix will be released 'very soon'

Security researchers revealed late Friday that iOS's validation of SSL encryption had a coding error that bypassed a key validation step in the Web protocol for secure communications. As a result, communications sent over unsecured Wi-Fi hot spots could be intercepted and read while unencrypted, potentially exposing user password, bank data, and other sensitive data to hackers via man-in-the-middle attacks. Secured Wi-Fi networks, such as home and business networks with encryption enabled, are not affected.

Apple released a patch Friday evening, available to al iOS users. iOS users should have already received a notification of the update's availability or have had it automatically installed, depending on their device's iOS version, update settings, and available space for downloading the update.

[ It's time to rethink security. Two former CIOs show you how to rething your security strategy for today's world. Bonus: Available in PDF and e-book versions. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

But on Saturday, several researchers reported that the flaw also affected OS X 10.9 Mavericks and perhaps other OS X versions. Late Saturday, Apple said it had a fix ready for OS X and would release it "very soon." On OS X, the flaw is likewise limited to SSL connections over unsecured Wi-Fi networks, though only in Safari.

The update will be available through OS X's Software Update utility, which is set to download security updates automatically by default in recent OS X versions.

iOS uses the WebKit-based Safari engine even in non-Safari browsers, so all iOS browsers can be exploited. By contrast, OS X lets each browser use it's own browser engine. A Google security researcher said Chrome does not have the coding flaw; other researchers have said that Mozilla Firefox is likewise safe.

This article, "Major SSL flaw found in iOS, OS X," was originally published at InfoWorld.com. Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Read more about security in InfoWorld's Security Channel.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackingAppleiosoperating systemssoftwareapplicationsMac OS Xintrusionmobile technologyweb browsersapplication securityAccess control and authentication

Featured

Slideshows

Reseller News kicks off awards season in 2019 with Judges' Lunch

Reseller News kicks off awards season in 2019 with Judges' Lunch

The 2019 Reseller News Innovation Awards has kicked off with the Judges Lunch in Auckland with 70 judges in the voting panel. The awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors. Photos by Christine Wong.

Reseller News kicks off awards season in 2019 with Judges' Lunch
Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomed 2018 inductees - Chris Simpson, Kendra Ross and Phill Patton - to the third running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing landscape of the technology industry in New Zealand, while outlining ways to attract a new breed of players to the ecosystem. Photos by Gino Demeer.

Reseller News welcomes industry figures for 2019 Hall of Fame lunch
Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

The channel came together for the inaugural Reseller News Emerging Leaders Forum in New Zealand, created to provide a program that identifies, educates and showcases the upcoming talent of the ICT industry. Hosted as a half day event, attendees heard from industry champions as keynoters and panelists talked about future opportunities and leadership paths and joined mentoring sessions with members of the ICT industry Hall of Fame. The forum concluded with 30 Under 30 Tech Awards across areas of Sales, Entrepreneur, Marketing, Management, Technical and Human Resources. Photos by Gino Demeer.

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019
Show Comments