TweakTown
Tech content trusted by users in North America and around the world
6,144 Reviews & Articles | 39,499 News Posts
Weekly Giveaway: Win an Antec Case, PSU and Cooler (Global Entry!)

iOS contained security flaw that failed to validate SSL

Coding flaw found in previous iOS version that has put many user's data at risk as it fails to validate SSL (NASDAQ:AAPL)

| Mobile Devices, Tablets & Phones News | Posted: Feb 26, 2014 12:15 am

Apple quietly provided iOS 7.0.6 update to fix a vulnerability issue in an SSL connection verification. Many security experts concluded that there's a major security flaw found in the OS.

 

TweakTown image news/3/5/35663_1_ios_7_0_6_released_fixes_ssl_encryption_flaw.jpg

 

End users should update their Apple devices with the latest iOS patch. Such users who do not do so could be to open to attacks or or have data being viewed, altered or downloaded via the SSL. The security patch document specified that iOS Secure Transport 'failed to validate the authenticity of the connection'.

 

It was also reported that banks have contacted their customers and advised them to update to iOS 7.0.6 immediately.

 

According to Google software engineer Adam Langley, this bug may have been introduced in OSX 10.9. Security firm Crowdstrike also said that OS X maybe vulnerable as it shows the same authentication flaw. They've also said,"Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system."

NEWS SOURCES:Cultofmac.com

Related Tags

Further Reading: Read and find more Mobile Devices, Tablets & Phones news at our Mobile Devices, Tablets & Phones news index page.

Do you get our news RSS feed? Get It!

Got an opinion on this news? Post a comment below!

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases