Apple issues iOS update for major SSL security flaw, OS X still waiting

Apple has rushed an update to plug a security hole associated with SSL encryption.
By Ananth Baliga  |  Feb. 24, 2014 at 11:46 AM

CUPERTINO, Calif., Feb. 24 (UPI) -- Apple on Friday issued iOS 7.0.6, an update for a Secure Sockets Layer (SSL) flaw that could have allowed hackers to intercept emails and other communications.

The update, rushed out the door Friday, fixes a vulnerability in which Apple devices were not doing SSL/TLS hostname checking. This left devices vulnerable to man-in-the-middle attacks, in which communications between your browser and a server can be monitored by an outsider.

The SSL flaw is unexpected and maybe a little embarrassing for Apple, considering that SSL encryption has been around for years. According to reports, it is possible that this glitch sneaked into the iOS 6.0 code.

The update is available for the more recent iPhones (4 and later), iPod touch (5th generation) and iPad (2nd generation). Other older devices seem to have been ignored.

Meanwhile, security researchers say that Apple computers running OS X could be at a greater risk of such attacks, and will remain at risk until Apple issues an update, which it says to expect "soon."

Until then, Mac OS X users have been advised against using unsecured or public Wi-Fi networks and, in the meantime, to use Chrome or Firefox, as the Safari and Mail apps in particular are still vulnerable.

The urgency with which Apple has rushed this update makes it seem like the security hole was major. iOS users can update their devices to the 7.0.6 version and those on older devices, like the 3GS or an old iPod touch, can download iOS 6.1.6.

[Gizmodo] [ZDNet]
