Apple SSL Vulnerability

A vulnerability has recently been discovered in Apple products, including iPhone, iPad, and Mac products. This attack could allow someone to intercept the traffic between you and someone else or a website, even if the connection is over HTTPS using SSL.

To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system)

If you have an Apple product, such as iPhone, iPad, or Mac, update your device immediately. You need to be on iOS 7.0.6 or OS X 10.9.2 to be protected from this exploit.

Permalink
Posted: Feb 21 2014