
SSL vulnerability revealed as major issue; forced release of iOS patch

updated 04:15 pm EST, Sun February 23, 2014

OS X said to be vulnerable to same style of attack, patch to come

On February 21, Apple released a patch for iOS bringing iOS 7 and 6 to versions 7.06 and 6.16 (respectively), with little fanfare as to why the patch was issued. However, it now appears to have had more to it than a simple fix to SSL connections. The release notes mentioned a Secure Socket Layer (SSL) vulnerability for "an attacker with a privileged network," meaning that a flaw in the SSL implementation could conceivably allow for a "man-in-the-middle" attack as uncovered by ZDNet.

The patch fixes a vulnerability that was keeping the system from doing SSL/TLS hostname checks, leaving communications unencrypted that were meant to be encrypted. The flaw could leave data such as passwords and personal information open to interception by someone on the same network that was using software to decode transmissions. In ZDNet's report, "the vulnerability allows anyone with a certificate signed by a 'trusted CA' to do a man-in-the-middle (MITM) attack." The flaw could very well be how the NSA claimed to be able to spy on iOS devices in the past, though there is no firm evidence of that -- or of any significant use of the loophole -- thus far.

Phil Plait of Slate has noted that the patch itself has also caused problems, and is said to have "bricked" several Apple devices for some users, including issues which he documented with his own iPad 2.

OS X has apparently also been open to a similar flaw, possibly for several months, perhaps even dating back to version 10.7. In a statement to Reuters on Saturday, Apple spokeswoman Trudy Muller said that the company is "aware of this issue, and already have a software fix that will be released very soon." No official date has been announced, though it should be noted that there have also been no reports of system compromises that can be tied to this bug thus far. In the meantime, users may wish to tread carefully when engaging in sensitive activities on public Wi-Fi networks with Macs until the update for OS X is released.

By Electronista Staff




  1. Mechanic

    Fresh-Faced Recruit

    Joined: 12-11-11

    Forced my ass, it was coming out because of the bug. No one forced Apple to do anything.
    No news here. Yawn! Move on

  1. Sebastien

    Registered User

    Joined: 04-29-00

    It was reported by developers. To not publish it ASAP would be borderline criminal.

  1. Grendelmon

    Mac Enthusiast

    Joined: 12-26-07

    Originally Posted by Mechanic

    Forced my ass, it was coming out because of the bug. No one forced Apple to do anything.
    No news here. Yawn! Move on

    Yeah, it's no news at all.
