SSL Vulnerability

On Friday, Apple released iOS 7.0.6,  a small maintenance release that turns out fixes a very important issue with Apple’s implementation of SSL.

SSL is used to encrypt network data traffic. This is used heavily with web traffic and plays an important part in securing any data passed between your client and the service you are using.

The bug in question could allow a network intruder or hacker to capture or modify your encrypted data. The attacker could potentially masquerade as the website you are visiting, and either access any data such as user name and passwords or worse pass back malware or other harmful code. It looks like the attacker can only pull this attack off if they are on the same physical wired network or same WI-FI network. So if you are concerned, avoid any public Wi-Fi networks until you patch your iOS 7 device.

The 7.0.6 patch for iOS fixes this issue, so all users of iOS 7 are recommend that they update immediately.

Apple have also released the same patch for iOS 6 users.

As far as OS X is concerned, it also suffers from the same vulnerability. Apple have commented that they are working on a patch, and it will be released soon. As soon as it is we recommend you update asap. [UPDATE: It seems only Mavericks OS X 10.9 suffers from this bug]

Apple have released a Tech Note article which you can read here.

If you want to check if your device has the vulnerability then visit this web site via your browser https://gotofail.com

Note not all browsers are affected. Safari is because it uses the SSL libraries that have this issue, while Google Chrome, on the other hand, does not.

So another recommendation for OS X users is to switch to Chrome until Apple patch the issue.

Leave a Reply

Your email address will not be published. Required fields are marked *