Recent Security Flaw in Apple's SSL Protocol [Mac / iOS Users Read]
Good Morning folks,
In light of recent events, I thought it would be important to inform the community of a recent software error in Apple's SSL authentication scripts that are falsely providing secure connections across networks. The error involves a misplaced line of code which will improperly make any authentic SSL connections invalid, allowing man-in-the-middle attacks to occur on sensitive transmissions. This article provides a fairly decent description of the flaw.
Those of you who have iPhones or Mac OS X are strongly recommended to update your software on your respective devices. Your iOS devices should have received an automatic update over the weekend (in the event yours did not update, you should manually check for an update). OS X Currently has no 'fix', though one should roll out later this week.
Effected software includes any built-in Apple software, including the Safari web browser. It's strongly recommended that you use an alternative web browser (Firefox and Chrome use their own SSL protocol, and both browsers are still secure for use on OS X and iOS devices) for secure transactions, such as banking or email, until a fix is available for Safari and OS X systems.
If anyone has any questions regarding this issue, feel free to respond and I will try to clarify any concerns you have. You should only be concerned about this security issue if you are performing password-sensitive transmissions using your phone's data network or wifi setting in a public setting (such as a school, shop, mall, etc) and have not grabbed the most recent phone update. In most cases, your OS X machine is on a trusted home or work network, and should have proper security settings in place to prevent man-in-the-middle attacks regardless of the individual machine software.
Thanks,
~Aayrl
In light of recent events, I thought it would be important to inform the community of a recent software error in Apple's SSL authentication scripts that are falsely providing secure connections across networks. The error involves a misplaced line of code which will improperly make any authentic SSL connections invalid, allowing man-in-the-middle attacks to occur on sensitive transmissions. This article provides a fairly decent description of the flaw.
Those of you who have iPhones or Mac OS X are strongly recommended to update your software on your respective devices. Your iOS devices should have received an automatic update over the weekend (in the event yours did not update, you should manually check for an update). OS X Currently has no 'fix', though one should roll out later this week.
Effected software includes any built-in Apple software, including the Safari web browser. It's strongly recommended that you use an alternative web browser (Firefox and Chrome use their own SSL protocol, and both browsers are still secure for use on OS X and iOS devices) for secure transactions, such as banking or email, until a fix is available for Safari and OS X systems.
If anyone has any questions regarding this issue, feel free to respond and I will try to clarify any concerns you have. You should only be concerned about this security issue if you are performing password-sensitive transmissions using your phone's data network or wifi setting in a public setting (such as a school, shop, mall, etc) and have not grabbed the most recent phone update. In most cases, your OS X machine is on a trusted home or work network, and should have proper security settings in place to prevent man-in-the-middle attacks regardless of the individual machine software.
Thanks,
~Aayrl
