Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
Mac Newsforums, a part of the
It has been big news for the last couple of days that Apple released iOS 7.0.6 to fix a very nasty SSL connection verification bug that could leave the user...
02-23-2014, 09:53 PM #1
Apple: Nasty SSL Security Bug Fix Coming to Mac OS X Soon
It has been big news for the last couple of days that Apple released iOS 7.0.6 to fix a very nasty SSL connection verification bug that could leave the user open and vulnerable to man-in-the-middle networking attacks from inexperienced hackers.
The bug is also present on Mac OS X, and according to Reuters, Apple has spoken out with official word that they are aware of the issue and already have a fix for it that they plan to release as a software update in the very near future, although no specific date has been given just yet. The software update will likely come by way of the Mac App Store when it's ready for the public.
The bug has stirred quite the scare for Mac OS X users, and iOS users alike, as many Mac and iOS device users use their devices and machines for banking, social networking, and more; most of which use SSL to help keep the user safe from those that might be listening around for opportunities to steal information and sensitive data, including credit card information and passwords.
The SSL bug in OS X, like in iOS, spans across multiple applications, and not just Safari. Many of Apple's applications that take advantage of iCloud are also affected by this security issue.
We will be sure to let you know when this update is released to the public so that you can get your Mac OS X machines up to date with the latest security fixes.
02-23-2014, 10:16 PM #2
So I take it that Apple is going to make a xprotect exception with their own software here. If this were flash or java. It would've been blocked from being used.
02-23-2014, 11:55 PM #3
Am I right in reading about this, that the attacker would have to be on the same local network as you? Like on an un secure public hotspot where someone is eavesdropping on SSL traffic?
If that is the case your shouldn't be banking, or doing something else sensitive, on a public network anyways.
02-24-2014, 06:34 AM #4
Just fix it. Should have been fixed the same week it broke. I had to go and get JunosPulse for my Mac so I could SSL VPN.
02-24-2014, 08:28 AM #5
02-24-2014, 09:33 AM #6
They literally just have to put braces around two lines of code. Come on.
02-24-2014, 11:02 AM #7Here to help if I can. If I can't I know someone who can!
02-24-2014, 11:47 AM #8
02-24-2014, 01:44 PM #9
Even 6.0 would be horrible news. I got the "since 5.1.1" info from an Apple insider.. I'm so miffed!Here to help if I can. If I can't I know someone who can!
02-24-2014, 02:02 PM #10
02-24-2014, 02:58 PM #11Here to help if I can. If I can't I know someone who can!
02-24-2014, 03:19 PM #12
I'm pretty sure they could only be sued if you had evidence that they knew about the bug and decided not to fix it for a year and a half or whatever.
02-24-2014, 03:28 PM #13
02-24-2014, 04:47 PM #14
02-24-2014, 05:52 PM #15