Technology content trusted in North America and globally since 1999
8,565 Reviews & Articles | 66,668 News Posts

iOS contained security flaw that failed to validate SSL

Coding flaw found in previous iOS version that has put many user's data at risk as it fails to validate SSL

By: Roshan Ashraf Shaikh from Feb 25, 2014 @ 18:15 CST

Apple quietly provided iOS 7.0.6 update to fix a vulnerability issue in an SSL connection verification. Many security experts concluded that there's a major security flaw found in the OS.


End users should update their Apple devices with the latest iOS patch. Such users who do not do so could be to open to attacks or or have data being viewed, altered or downloaded via the SSL. The security patch document specified that iOS Secure Transport 'failed to validate the authenticity of the connection'.

It was also reported that banks have contacted their customers and advised them to update to iOS 7.0.6 immediately.

According to Google software engineer Adam Langley, this bug may have been introduced in OSX 10.9. Security firm Crowdstrike also said that OS X maybe vulnerable as it shows the same authentication flaw. They've also said,"Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system."


Related Tags