Results 1 to 15 of 15

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Apple: Nasty SSL Security Bug Fix Coming to Mac OS X Soon

  1. #1
    Default Apple: Nasty SSL Security Bug Fix Coming to Mac OS X Soon


    It has been big news for the last couple of days that Apple released iOS 7.0.6 to fix a very nasty SSL connection verification bug that could leave the user open and vulnerable to man-in-the-middle networking attacks from inexperienced hackers.

    The bug is also present on Mac OS X, and according to Reuters, Apple has spoken out with official word that they are aware of the issue and already have a fix for it that they plan to release as a software update in the very near future, although no specific date has been given just yet. The software update will likely come by way of the Mac App Store when it's ready for the public.

    The bug has stirred quite the scare for Mac OS X users, and iOS users alike, as many Mac and iOS device users use their devices and machines for banking, social networking, and more; most of which use SSL to help keep the user safe from those that might be listening around for opportunities to steal information and sensitive data, including credit card information and passwords.

    The SSL bug in OS X, like in iOS, spans across multiple applications, and not just Safari. Many of Apple's applications that take advantage of iCloud are also affected by this security issue.

    We will be sure to let you know when this update is released to the public so that you can get your Mac OS X machines up to date with the latest security fixes.

    Sources: Reuters

  2. #2
    So I take it that Apple is going to make a xprotect exception with their own software here. If this were flash or java. It would've been blocked from being used.

  3. #3
    Livin the iPhone Life slim.jim's Avatar
    Join Date
    Apr 2009
    Location
    Maryland, US
    Posts
    1,011
    Thanks
    116
    Thanked 128 Times in 98 Posts

    Am I right in reading about this, that the attacker would have to be on the same local network as you? Like on an un secure public hotspot where someone is eavesdropping on SSL traffic?

    If that is the case your shouldn't be banking, or doing something else sensitive, on a public network anyways.

  4. #4
    Livin the iPhone Life bigboyz's Avatar
    Join Date
    Feb 2009
    Location
    North East Coast
    Posts
    1,719
    Thanks
    2
    Thanked 245 Times in 163 Posts

    Just fix it. Should have been fixed the same week it broke. I had to go and get JunosPulse for my Mac so I could SSL VPN.

  5. #5
    Quote Originally Posted by slim.jim View Post
    Am I right in reading about this, that the attacker would have to be on the same local network as you? Like on an un secure public hotspot where someone is eavesdropping on SSL traffic?

    If that is the case you shouldn't be banking, or doing something else sensitive, on a public network anyways.
    People do anyways. All day every day.

  6. #6
    They literally just have to put braces around two lines of code. Come on.

  7. #7
    Quote Originally Posted by bigboyz View Post
    Just fix it. Should have been fixed the same week it broke. I had to go and get JunosPulse for my Mac so I could SSL VPN.
    What's really unacceptable is that this is a really old, really bad bug in the iOSworld. It's been around since 5.1.1 on our iPhones... AAAAARRRRRGGHHH!!!!!!!!! It only seems to affect OSX Mavericks in the desktop/laptop world... But since 5.1.1 -- are you friggin' kidding ME????
    Here to help if I can. If I can't I know someone who can!

  8. #8
    Quote Originally Posted by NewdestinyX View Post
    What's really unacceptable is that this is a really old, really bad bug in the iOSworld. It's been around since 5.1.1 on our iPhones... AAAAARRRRRGGHHH!!!!!!!!! It only seems to affect OSX Mavericks in the desktop/laptop world... But since 5.1.1 -- are you friggin' kidding ME????
    Are you sure? This site seems pretty reliable and it says only since 6.0. http://web.nvd.nist.gov/view/vuln/de...=CVE-2014-1266

  9. #9
    Even 6.0 would be horrible news. I got the "since 5.1.1" info from an Apple insider.. I'm so miffed!
    Here to help if I can. If I can't I know someone who can!

  10. #10
    Quote Originally Posted by NewdestinyX View Post
    Even 6.0 would be horrible news. I got the "since 5.1.1" info from an Apple insider.. I'm so miffed!
    Well, at least there's a fix for all affected devices if it's only since 6.0. Even pod2g said he can't believe this happened. I agree with you there.

  11. #11
    Quote Originally Posted by Zokunei View Post
    Well, at least there's a fix for all affected devices if it's only since 6.0. Even pod2g said he can't believe this happened. I agree with you there.
    Can you imagine how much of our personal data could have been taken in the last 2 years??!! I smell a class action suit coming against Apple. Though one of the reasons I was, at first, pushing back against this 'most recent alarmism' is that you'd think if it were 'that' hackable - many of us would have been experiencing identity theft. And there's just no huge outcry that a lot of personal data was compromised. So the hackers must not have been 'as aware' of this big hole. Or you'd think more of us would have experienced data compromise.
    Here to help if I can. If I can't I know someone who can!

  12. #12
    I'm pretty sure they could only be sued if you had evidence that they knew about the bug and decided not to fix it for a year and a half or whatever.

  13. #13
    Quote Originally Posted by Zokunei View Post
    I'm pretty sure they could only be sued if you had evidence that they knew about the bug and decided not to fix it for a year and a half or whatever.
    You're probably right, Zok..
    Here to help if I can. If I can't I know someone who can!

  14. #14
    Quote Originally Posted by Zokunei View Post
    I'm pretty sure they could only be sued if you had evidence that they knew about the bug and decided not to fix it for a year and a half or whatever.
    You're right, otherwise Microsoft would be broke.

  15. #15
    Quote Originally Posted by Scotty Manley Silberhorn View Post
    You're right, otherwise Microsoft would be broke.
    Probably not. They've violated anti-trust and perjury laws numerous times and never suffered any serious consequences. It's amazing what successful entrepreneurs can achieve in the United States.
    Last edited by Zokunei; 02-24-2014 at 07:01 PM.

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •