On Friday, the 21st of February, Apple acknowledged that they had a critical security hole in their iOS operating system. It was specifically an SSL (Secure Socket Layer) vulnerability in iOS and OS X that exposes iOS and OS X devices to a "man in the middle" attack. Apparently, Apple used "raw OpenSSL for HTTPS, but didn't include hostname verification". This is a glaring flaw because it would allow anyone with a valid SSL certificate to masquerade as a trusted website to harvest your communications or login information. Link : ED#165 : Apple iOS (And OS X) Have A Critical Security Hole And The Fix Is Here
Apple iOS (And OS X) Have A Critical Security Hole And The Fix Is Here Rev. 2.0 On Friday, the 21st of February, Apple acknowledged that they had a critical security hole in their iOS operating system. It was specifically an SSL (Secure Socket Layer) vulnerability in iOS and OS X that exposes iOS and OS X devices to a "man in the middle" attack. Apparently, Apple used "raw OpenSSL for HTTPS, but didn't include hostname verification". This is a glaring flaw because it would allow anyone with a valid SSL certificate to masquerade as a trusted website to harvest your communications or login information. In this major update, we added a new section - "What Should OS X Users Do?", new details on the introduction of the SSL bug and amended our recommendations for older iOS devices. We also replaced the raw code with a screenshot for greater clarity. Link : ED#165 : Apple iOS (And OS X) Have A Critical Security Hole And The Fix Is Here Rev. 2.0
Apple iOS And OS X Have A Critical Security Hole And The Fix Is Here Rev. 2.1 On Friday, the 21st of February, Apple acknowledged that they had a critical security hole in their iOS operating system. It was specifically an SSL (Secure Socket Layer) vulnerability in iOS and OS X that exposes iOS and OS X devices to a "man in the middle" attack. Apparently, Apple used "raw OpenSSL for HTTPS, but didn't include hostname verification". This is a glaring flaw because it would allow anyone with a valid SSL certificate to masquerade as a trusted website to harvest your communications or login information. In this update, we added an update about the newly released OS X 10.9.2 update which fixes the SSL bug for OS X. Link : ED#165 : Apple iOS And OS X Have A Critical Security Hole And The Fix Is Here Rev. 2.1