facebook
twitter
rss
account
search
search
 

Apple issues iOS update for major SSL security flaw, OS X still waiting

Apple has rushed an update to plug a security hole associated with SSL encryption.
By Ananth Baliga   |   Feb. 24, 2014 at 11:46 AM   |   Comments

//cdnph.upi.com/sv/em/i/UPI-6721393260400/2014/1/13932623174275/Apple-issues-iOS-update-for-major-SSL-security-flaw-OS-X-still-waiting.jpg
CUPERTINO, Calif., Feb. 24 (UPI) -- Apple on Friday issued iOS 7.0.6, an update for a secure socket layer flaw that could have allowed hackers to intercept emails and other communications.

The update was rushed out the door Friday and will fix the vulnerability, wherein Apple devices were not doing SSL/TLS hostname checking. This left devices vulnerable to Man in the Middle attacks, where communications between your browser and a server can be monitored by an outsider.

The SSL flaw is unexpected and maybe a little embarrassing for Apple, considering that SSL encryption has been around for years. According to reports, it is possible that this glitch could have sneaked in the iOS 6.0 code.

The update is available for the more recent iPhones (4 and later), iPod touch (5th generation) and iPad (2nd generation). Other older devices seem to have been ignored.

Meanwhile security researchers say that Apple computers running OS X could be at a greater risk of such attacks, and remain at risk until Apple issues an update it says to expect "soon."

Until then, Mac OS X users have been advised against using unsecured or public Wi-Fi networks, as the Safari and Mail apps in particular are still vulnerable, and in the meantime to use Chrome or Firefox.

The urgency with which Apple has rushed this update makes it seem like the security hole was major. iOS users can update their devices to the 7.0.6 version and those on older devices, like the 3GS or an old iPod touch, can download iOS 6.1.6.


[Gizmodo]
[ZDNet]

Follow @antbaliga and @UPI on Twitter.
Contact the Author
© 2014 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Recommended UPI Stories
Featured UPI Collection
trending
2014: The Year in Music [PHOTOS]

2014: The Year in Music [PHOTOS]

Most Popular
1
Deloitte: App downloads dwindle, 1 in 3 users disinterested
2
AESA radar integrated into new F-16V
3
Iran wants to develop mini-LNG plants
4
Twitter to remove pictures of deceased on family's request
5
Samsung partners with Barnes & Noble for Galaxy Tab 4 Nook
Trending News
Video
x
Feedback