Apple issues iOS update for major SSL security flaw, OS X still waiting

Apple has rushed an update to plug a security hole associated with SSL encryption.
By Ananth Baliga   |   Feb. 24, 2014 at 11:46 AM

CUPERTINO, Calif., Feb. 24 (UPI) -- Apple on Friday issued iOS 7.0.6, an update for a secure socket layer flaw that could have allowed hackers to intercept emails and other communications.

The update was rushed out the door Friday and will fix the vulnerability, wherein Apple devices were not doing SSL/TLS hostname checking. This left devices vulnerable to Man in the Middle attacks, where communications between your browser and a server can be monitored by an outsider.

The SSL flaw is unexpected and maybe a little embarrassing for Apple, considering that SSL encryption has been around for years. According to reports, it is possible that this glitch could have sneaked in the iOS 6.0 code.

The update is available for the more recent iPhones (4 and later), iPod touch (5th generation) and iPad (2nd generation). Other older devices seem to have been ignored.

Meanwhile security researchers say that Apple computers running OS X could be at a greater risk of such attacks, and remain at risk until Apple issues an update it says to expect "soon."

Until then, Mac OS X users have been advised against using unsecured or public Wi-Fi networks, as the Safari and Mail apps in particular are still vulnerable, and in the meantime to use Chrome or Firefox.

The urgency with which Apple has rushed this update makes it seem like the security hole was major. iOS users can update their devices to the 7.0.6 version and those on older devices, like the 3GS or an old iPod touch, can download iOS 6.1.6.

[Gizmodo] [ZDNet]

Related UPI Stories
Latest Headlines
Trending Stories
TSU shooting: 1 dead, 1 wounded in third shooting this week at Houston campus
Listeria threat prompts Whole Foods cheese recall
Russia says missiles aimed at Syria did not land in Iran
Captive orca breeding banned at California's SeaWorld
Wrong drug used in Oklahoma execution