TweakTown

iOS contained security flaw that failed to validate SSL

Coding flaw found in previous iOS version that has put many user's data at risk as it fails to validate SSL.

Published Tue, Feb 25 2014 6:15 PM CST   |   Updated Sat, Aug 8 2020 10:29 AM CDT

Apple quietly provided iOS 7.0.6 update to fix a vulnerability issue in an SSL connection verification. Many security experts concluded that there's a major security flaw found in the OS.

iOS contained security flaw that failed to validate SSL | TweakTown.com

End users should update their Apple devices with the latest iOS patch. Such users who do not do so could be to open to attacks or or have data being viewed, altered or downloaded via the SSL. The security patch document specified that iOS Secure Transport 'failed to validate the authenticity of the connection'.

It was also reported that banks have contacted their customers and advised them to update to iOS 7.0.6 immediately.

According to Google software engineer Adam Langley, this bug may have been introduced in OSX 10.9. Security firm Crowdstrike also said that OS X maybe vulnerable as it shows the same authentication flaw. They've also said,"Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system."

NEWS SOURCE:cultofmac.com

After being a long time PC enthusiast and a former contributor for many Indian based PC and Tech forums, Roshan now joins TweakTown covering tech news and also any developments from India. Like many enthusiasts, with years of being involved in many Indian tech forums and running his own tech site, he's commonly referred by his forum nickname 'The Sorcerer' by many old and new fellow PC enthusiasts, followed by few companies from time to time. He's also the winner of the TweakTown's Computex 2012 Taipei trip. If any free time is left, Roshan prefers to play FPS games.

Related Tags

Newsletter Subscription

Latest News

View More News

Latest Reviews

View More Reviews

Latest Articles

View More Articles