ED#165 : Apple iOS (And OS X) Have A Critical Security Hole And The Fix Is Here

Discussion in 'Reviews & Articles' started by Adrian Wong, Feb 23, 2014.

  1. Adrian Wong

    Adrian Wong Da Boss Staff Member

    On Friday, the 21st of February, Apple acknowledged that they had a critical security hole in their iOS operating system. It was specifically an SSL (Secure Socket Layer) vulnerability in iOS and OS X that exposes iOS and OS X devices to a "man in the middle" attack.

    Apparently, Apple used "raw OpenSSL for HTTPS, but didn't include hostname verification". This is a glaring flaw because it would allow anyone with a valid SSL certificate to masquerade as a trusted website to harvest your communications or login information.

    [​IMG]

    Link : ED#165 : Apple iOS (And OS X) Have A Critical Security Hole And The Fix Is Here
     
    Adrian Wong, Feb 23, 2014
    #1
  2. Adrian Wong

    Adrian Wong Da Boss Staff Member

    Apple iOS (And OS X) Have A Critical Security Hole And The Fix Is Here Rev. 2.0

    On Friday, the 21st of February, Apple acknowledged that they had a critical security hole in their iOS operating system. It was specifically an SSL (Secure Socket Layer) vulnerability in iOS and OS X that exposes iOS and OS X devices to a "man in the middle" attack.

    Apparently, Apple used "raw OpenSSL for HTTPS, but didn't include hostname verification". This is a glaring flaw because it would allow anyone with a valid SSL certificate to masquerade as a trusted website to harvest your communications or login information.

    In this major update, we added a new section - "What Should OS X Users Do?", new details on the introduction of the SSL bug and amended our recommendations for older iOS devices. We also replaced the raw code with a screenshot for greater clarity.

    [​IMG]

    Link : ED#165 : Apple iOS (And OS X) Have A Critical Security Hole And The Fix Is Here Rev. 2.0
     
    Adrian Wong, Feb 24, 2014
    #2
  3. Adrian Wong

    Adrian Wong Da Boss Staff Member

    Apple iOS And OS X Have A Critical Security Hole And The Fix Is Here Rev. 2.1

    On Friday, the 21st of February, Apple acknowledged that they had a critical security hole in their iOS operating system. It was specifically an SSL (Secure Socket Layer) vulnerability in iOS and OS X that exposes iOS and OS X devices to a "man in the middle" attack.

    Apparently, Apple used "raw OpenSSL for HTTPS, but didn't include hostname verification". This is a glaring flaw because it would allow anyone with a valid SSL certificate to masquerade as a trusted website to harvest your communications or login information.

    In this update, we added an update about the newly released OS X 10.9.2 update which fixes the SSL bug for OS X.

    [​IMG]

    Link : ED#165 : Apple iOS And OS X Have A Critical Security Hole And The Fix Is Here Rev. 2.1
     
    Adrian Wong, Feb 26, 2014
    #3

Share This Page