• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Apple: Nasty SSL Security Bug Fix Coming to Mac OS X Soon


    It has been big news for the last couple of days that Apple released iOS 7.0.6 to fix a very nasty SSL connection verification bug that could leave the user open and vulnerable to man-in-the-middle networking attacks from inexperienced hackers.

    The bug is also present on Mac OS X, and according to Reuters, Apple has spoken out with official word that they are aware of the issue and already have a fix for it that they plan to release as a software update in the very near future, although no specific date has been given just yet. The software update will likely come by way of the Mac App Store when it's ready for the public.

    The bug has stirred quite the scare for Mac OS X users, and iOS users alike, as many Mac and iOS device users use their devices and machines for banking, social networking, and more; most of which use SSL to help keep the user safe from those that might be listening around for opportunities to steal information and sensitive data, including credit card information and passwords.

    The SSL bug in OS X, like in iOS, spans across multiple applications, and not just Safari. Many of Apple's applications that take advantage of iCloud are also affected by this security issue.

    We will be sure to let you know when this update is released to the public so that you can get your Mac OS X machines up to date with the latest security fixes.

    Sources: Reuters
    This article was originally published in forum thread: Apple: Nasty SSL Security Bug Fix Coming to Mac OS X Soon started by Anthony Bouchard View original post
    Comments 14 Comments
    1. Scotty Manley Silberhorn's Avatar
      Scotty Manley Silberhorn -
      So I take it that Apple is going to make a xprotect exception with their own software here. If this were flash or java. It would've been blocked from being used.
    1. slim.jim's Avatar
      slim.jim -
      Am I right in reading about this, that the attacker would have to be on the same local network as you? Like on an un secure public hotspot where someone is eavesdropping on SSL traffic?

      If that is the case your shouldn't be banking, or doing something else sensitive, on a public network anyways.
    1. bigboyz's Avatar
      bigboyz -
      Just fix it. Should have been fixed the same week it broke. I had to go and get JunosPulse for my Mac so I could SSL VPN.
    1. Anthony Bouchard's Avatar
      Anthony Bouchard -
      Quote Originally Posted by slim.jim View Post
      Am I right in reading about this, that the attacker would have to be on the same local network as you? Like on an un secure public hotspot where someone is eavesdropping on SSL traffic?

      If that is the case you shouldn't be banking, or doing something else sensitive, on a public network anyways.
      People do anyways. All day every day.
    1. Zokunei's Avatar
      Zokunei -
      They literally just have to put braces around two lines of code. Come on.
    1. NewD's Avatar
      NewD -
      Quote Originally Posted by bigboyz View Post
      Just fix it. Should have been fixed the same week it broke. I had to go and get JunosPulse for my Mac so I could SSL VPN.
      What's really unacceptable is that this is a really old, really bad bug in the iOSworld. It's been around since 5.1.1 on our iPhones... AAAAARRRRRGGHHH!!!!!!!!! It only seems to affect OSX Mavericks in the desktop/laptop world... But since 5.1.1 -- are you friggin' kidding ME????
    1. Zokunei's Avatar
      Zokunei -
      Quote Originally Posted by NewdestinyX View Post
      What's really unacceptable is that this is a really old, really bad bug in the iOSworld. It's been around since 5.1.1 on our iPhones... AAAAARRRRRGGHHH!!!!!!!!! It only seems to affect OSX Mavericks in the desktop/laptop world... But since 5.1.1 -- are you friggin' kidding ME????
      Are you sure? This site seems pretty reliable and it says only since 6.0. http://web.nvd.nist.gov/view/vuln/de...=CVE-2014-1266
    1. NewD's Avatar
      NewD -
      Even 6.0 would be horrible news. I got the "since 5.1.1" info from an Apple insider.. I'm so miffed!
    1. Zokunei's Avatar
      Zokunei -
      Quote Originally Posted by NewdestinyX View Post
      Even 6.0 would be horrible news. I got the "since 5.1.1" info from an Apple insider.. I'm so miffed!
      Well, at least there's a fix for all affected devices if it's only since 6.0. Even pod2g said he can't believe this happened. I agree with you there.
    1. NewD's Avatar
      NewD -
      Quote Originally Posted by Zokunei View Post
      Well, at least there's a fix for all affected devices if it's only since 6.0. Even pod2g said he can't believe this happened. I agree with you there.
      Can you imagine how much of our personal data could have been taken in the last 2 years??!! I smell a class action suit coming against Apple. Though one of the reasons I was, at first, pushing back against this 'most recent alarmism' is that you'd think if it were 'that' hackable - many of us would have been experiencing identity theft. And there's just no huge outcry that a lot of personal data was compromised. So the hackers must not have been 'as aware' of this big hole. Or you'd think more of us would have experienced data compromise.
    1. Zokunei's Avatar
      Zokunei -
      I'm pretty sure they could only be sued if you had evidence that they knew about the bug and decided not to fix it for a year and a half or whatever.
    1. NewD's Avatar
      NewD -
      Quote Originally Posted by Zokunei View Post
      I'm pretty sure they could only be sued if you had evidence that they knew about the bug and decided not to fix it for a year and a half or whatever.
      You're probably right, Zok..
    1. Scotty Manley Silberhorn's Avatar
      Scotty Manley Silberhorn -
      Quote Originally Posted by Zokunei View Post
      I'm pretty sure they could only be sued if you had evidence that they knew about the bug and decided not to fix it for a year and a half or whatever.
      You're right, otherwise Microsoft would be broke.
    1. Zokunei's Avatar
      Zokunei -
      Quote Originally Posted by Scotty Manley Silberhorn View Post
      You're right, otherwise Microsoft would be broke.
      Probably not. They've violated anti-trust and perjury laws numerous times and never suffered any serious consequences. It's amazing what successful entrepreneurs can achieve in the United States.