facebook
twitter
rss
account
search
search
 

Apple issues iOS update for major SSL security flaw, OS X still waiting

Apple has rushed an update to plug a security hole associated with SSL encryption.
By Ananth Baliga   |   Feb. 24, 2014 at 11:46 AM   |   Comments

http://cdnph.upi.com/sv/em/i/UPI-6721393260400/2014/1/13932623174275/Apple-issues-iOS-update-for-major-SSL-security-flaw-OS-X-still-waiting.jpg
CUPERTINO, Calif., Feb. 24 (UPI) -- Apple on Friday issued iOS 7.0.6, an update for a secure socket layer flaw that could have allowed hackers to intercept emails and other communications.

The update was rushed out the door Friday and will fix the vulnerability, wherein Apple devices were not doing SSL/TLS hostname checking. This left devices vulnerable to Man in the Middle attacks, where communications between your browser and a server can be monitored by an outsider.

The SSL flaw is unexpected and maybe a little embarrassing for Apple, considering that SSL encryption has been around for years. According to reports, it is possible that this glitch could have sneaked in the iOS 6.0 code.

The update is available for the more recent iPhones (4 and later), iPod touch (5th generation) and iPad (2nd generation). Other older devices seem to have been ignored.

Meanwhile security researchers say that Apple computers running OS X could be at a greater risk of such attacks, and remain at risk until Apple issues an update it says to expect "soon."

Until then, Mac OS X users have been advised against using unsecured or public Wi-Fi networks, as the Safari and Mail apps in particular are still vulnerable, and in the meantime to use Chrome or Firefox.

The urgency with which Apple has rushed this update makes it seem like the security hole was major. iOS users can update their devices to the 7.0.6 version and those on older devices, like the 3GS or an old iPod touch, can download iOS 6.1.6.


[Gizmodo]
[ZDNet]

Follow @antbaliga and @UPI on Twitter.
Contact the Author
© 2014 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Most Popular
1
Navy tests MQ-8C unmanned helos Navy tests MQ-8C unmanned helos
2
Europe must drop the euro, Germany abandon mercantilism Europe must drop the euro, Germany abandon mercantilism
3
Harris selected for geospatial data products Harris selected for geospatial data products
4
Sweden plans to replace its Defense and Security Export Agency Sweden plans to replace its Defense and Security Export Agency
5
Throwback Thursday: Facebook launches old-school 'Rooms' app Throwback Thursday: Facebook launches old-school 'Rooms' app
Trending News
Around the Web
x
Feedback