The Inquirer-Home

Apple offers fix for iOS SSL hell

Mac OS X is still waiting
Mon Feb 24 2014, 11:57
Apple iPad Mini 2 with Retina display-iOS 7

GADGET DESIGNER Apple has swiftly released a fix for its iOS mobile operating system on iPhone and iPad devices that should limit its punters' exposure to an SSL vulnerability.

The issue was identified last Friday in a blog post from security outfit Crowdstrike. The firm's researchers said that it was possible through a man in the middle attack to bypass SSL/TLS verification routines on Apple devices.

"This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system)," Crowdstrike explained.

Crowdstrike said that the flaw is present on iOS and OS X systems. IOS users started to get the update late Friday and Apple told Reuters that a Mac OS X fix would be coming soon.

Apple spokeswoman Trudy Muller told the news agency, "We are aware of this issue and already have a software fix that will be released very soon."

While the Mac OS X version is lacking, users have been advised to tread carefully and consider the risks.

"This is a major bug that puts users' sensitive data like login credentials, passwords, email, and browsing data at risk," said Voltage Security VP Mark Bower.

"When Apple releases for OS X, users should patch at their earliest opportunity. Until then, users should be very wary of accessing web content that is sensitive, especially on a network that attackers may also be on at the same time - which is more often than you might think."

We've asked Apple when it plans to release the Mac OS X update, but so far it has not been forthcoming.

The iOS 7.0.6 release is available now. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015