
iOS 6.16 and 7 (and OSX) on-line https security risk

Euan Williams
Apple OSX and IOS Secure Socket Layer Bug...

Apple announced a patch for iOS 6.1.6 and 7.0 on February 21st:
http://support.apple.com/kb/HT6147

about this bug:
https://www.imperialviolet.org/2014/02/22/applebug.html

how to avoid it in OSX until a patch for that is announced:
http://osxdaily.com/2014/02/22/protect-mac-ssl-tls-security-bug/

Re: iOS 6.16 and 7 (and OSX) on-line https security risk

Mick Burrell
Euan, could you explain a little more for those of us who don't understand the code on the sites you've pointed us to?

Unless I'm missing the point, as the last site says it's a danger "if the hacker is on the same network as you", for those of us using Macs in a home environment there's no real issue, is there?

Re: iOS 6.16 and 7 (and OSX) on-line https security risk

Euan Williams
Hi Mick,
the sting is in the second part of the sentence:
“…if the attacker is on the same network as you, — or is otherwise able to get between your computer and a remote server. This is why it is so important to avoid untrusted networks, it greatly mitigates risk.”

Users of Adobe’s Flash Player have this month had no fewer than two emergency security updates — Steve Jobs was right to keep it off the iPhones and iPads!

It’s also worth noting that Back Door flaws in some routers have recently been publicised:
http://www.bbc.co.uk/news/technology-26287517

This is just to remind ourselves (should we need reminding?) that malefactors are lurking out there — even for Apple.

Re: iOS 6.16 and 7 (and OSX) on-line https security risk

Euan Williams
OSX 10.9.2 Updater should now be available and the security patch is included.

Details here.

Re: iOS 6.16 and 7 (and OSX) on-line https security risk

Euan Williams
A short review of OSX security post the "fail" threat is here.
 