Apple SSL Security Flaw Leaves Your Device Vulnerable

AppleShip copy beats

AppleShip copy

Apple users have something to worry about this morning as a new flaw in iOS and OSX has been revealed. The flaw could allow a hacker to intercept information that is supposed to be encrypted such as email and banking information. Hackers could also intercept social networking information. But keep in mind, this flaw is only usable if you’re sharing an unsecured network with other users, such as a coffee shop or public library. Good news is Apple has already patched and released an update to fix the SSL issue. You should check your iDevice for the update, iOS 7.0.6 here’s what Apple had to say about this new update.

About the security content of iOS 7.0.6

This document describes the security content of iOS 7.0.6.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see “How to use the Apple Product Security PGP Key.”

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see “Apple Security Updates“.


iOS 7.0.6

  • Data SecurityAvailable for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and laterImpact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLSDescription: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.CVE-IDCVE-2014-1266
The same flaw exists in current versions of OSX but there has yet to be a patch or fix for that. Apple is generally very good at patching these flaws when they arise so it won’t surprise me to see an update sooner than later. In the meantime, check those updates on your iPhone and iPad.
Source: Reuters
Enhanced by Zemanta
To Top