
SSL vulnerability revealed as major issue; forced release of iOS patch

updated 04:15 pm EST, Sun February 23, 2014

OS X said to be vulnerable to same style of attack, patch to come

On February 21, Apple released a patch for iOS bringing iOS 7 and 6 to versions 7.06 and 6.16 (respectively), with little fanfare as to why the patch was issued. However, it now appears that there was more to the patch than a simple fix to SSL connections. The release notes mentioned a Secure Socket Layer (SSL) vulnerability for "an attacker with a privileged network," meaning that a flaw in the SSL implementation could conceivably allow for a "man-in-the-middle" attack, as uncovered by ZDNet.

The patch fixes a vulnerability that was keeping the system from doing SSL/TLS hostname checks, leaving communications that were meant to be encrypted unencrypted. The flaw could leave data such as passwords and personal information open to interception by someone on the same network who was using software to decode transmissions. In ZDNet's report, "the vulnerability allows anyone with a certificate signed by a 'trusted CA' to do a man-in-the-middle (MITM) attack." The flaw could very well be how the NSA claimed to be able to spy on iOS devices in the past, though there is no firm evidence of that -- or of any significant use of the loophole -- thus far.
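To make the role of the hostname check concrete, here is a small model of a client's accept decision, added as an illustration (it is not Apple's code and does not come from the article or from ZDNet). The function names, the `check_hostname` flag and both certificates are assumptions constructed for this example; chain validation is taken as an input rather than performed.

```python
# Added illustration. Certificates are constructed sample data in the dict
# shape returned by Python's ssl.SSLSocket.getpeercert().

def dns_names(cert):
    """Return the DNS subjectAltName entries of a parsed certificate."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """Match one certificate name against the host the client asked for.
    Only a whole left-most label may be a wildcard ("*.example.com")."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Refuse wildcards directly under a top-level label ("*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def accept_connection(cert, chain_trusted, hostname, check_hostname=True):
    """Decide whether to accept a TLS peer.
    chain_trusted: outcome of CA chain validation (assumed done elsewhere).
    check_hostname=False models a client that skips the hostname check."""
    if not chain_trusted:
        return False
    if not check_hostname:
        return True  # any certificate signed by a trusted CA is accepted
    return any(name_matches(n, hostname) for n in dns_names(cert))

# Constructed certificates; both are assumed to chain to a trusted CA.
GENUINE = {"subjectAltName": (("DNS", "mail.example.com"),)}
OTHER_SITE = {"subjectAltName": (("DNS", "*.other-site.example"),)}

if __name__ == "__main__":
    host = "mail.example.com"
    print("genuine cert, check on: ", accept_connection(GENUINE, True, host))
    print("other cert, check on:   ", accept_connection(OTHER_SITE, True, host))
    print("other cert, check off:  ",
          accept_connection(OTHER_SITE, True, host, check_hostname=False))
```

With the check enabled, a validly signed certificate for a different site is rejected; with it skipped, the same certificate is accepted, which is the condition the ZDNet quote describes.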

Phil Plait of Slate has noted that the patch itself has also caused problems, and is said to have "bricked" several Apple devices for some users, including issues which he documented with his own iPad 2.

OS X has apparently also been open to a similar flaw, possibly for several months, perhaps even dating back to version 10.7. In a statement to Reuters on Saturday, Apple spokeswoman Trudy Muller said that the company is "aware of this issue, and already have a software fix that will be released very soon." No official date has been announced, though it should be noted that there have also been no reports of system compromises that can be tied to this bug thus far. In the meantime, users may wish to tread carefully when engaging in sensitive activities on public Wi-Fi networks with Macs until the update for OS X is released.

By Electronista Staff
  1. Mechanic

    Fresh-Faced Recruit

    Joined: 12-11-11

    Forced my ass, it was coming out because of the bug. No one forced Apple to do anything.
    No news here. Yawn! Move on

  1. Sebastien

    Registered User

    Joined: 04-29-00

    It was reported by developers. To not publish it ASAP would be borderline criminal.

  1. Grendelmon

    Mac Enthusiast

    Joined: 12-26-07

    Originally Posted by Mechanic

    Forced my ass, it was coming out because of the bug. No one forced Apple to do anything.
    No news here. Yawn! Move on

    Yeah, it's no news at all.
