TweakTown
Tech content trusted by users in North America and around the world
5,911 Reviews & Articles | 38,070 News Posts

iOS contained security flaw that failed to validate SSL

Coding flaw found in previous iOS version that has put many user's data at risk as it fails to validate SSL (NASDAQ:AAPL)

| Mobile Devices, Tablets & Phones News | Posted: Feb 26, 2014 12:15 am

Apple quietly provided iOS 7.0.6 update to fix a vulnerability issue in an SSL connection verification. Many security experts concluded that there's a major security flaw found in the OS.

 

TweakTown image news/3/5/35663_1_ios_7_0_6_released_fixes_ssl_encryption_flaw.jpg

 

End users should update their Apple devices with the latest iOS patch. Such users who do not do so could be to open to attacks or or have data being viewed, altered or downloaded via the SSL. The security patch document specified that iOS Secure Transport 'failed to validate the authenticity of the connection'.

 

It was also reported that banks have contacted their customers and advised them to update to iOS 7.0.6 immediately.

 

According to Google software engineer Adam Langley, this bug may have been introduced in OSX 10.9. Security firm Crowdstrike also said that OS X maybe vulnerable as it shows the same authentication flaw. They've also said,"Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system."

NEWS SOURCE
Cultofmac.com

Related Tags

Further Reading: Read and find more Mobile Devices, Tablets & Phones news at our Mobile Devices, Tablets & Phones news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases