Details About Apple’s iOS SSL Patch in Update 7.0.6, OS X is Still Vulnerable
If you have an iOS device, Apple has an important security patch waiting for you. Yesterday, Apple released iOS 7.0.6, which aims to provide a fix for SSL connection verification.
According to the company’s security notes, the previous version of iOS was missing important secure socket layers (SSL) verification steps. The major security flaw allowed hackers to intercept email and communications that are supposed to be encrypted.
Assuming the attacker had access to the same network as the mobile or desktop user, they could view and change any traffic between the user and any protected website, like Facebook or Gmail.
Matthew Green, a cryptography professor at Johns Hopkins University, said:
"It's as bad as you could imagine, that's all I can say. Without the fix, a hacker could impersonate a protected site and sit in the middle as email or financial data goes between the user and the real site.”
Dmitri Alperovich, chief technology officer at security firm CrowdStrike, discovered that OS X also has SSL validation issues, leaving Apple’s laptop/desktop operating system at risk. According to analysis done by Crowdstrike, OS X still is vulnerable to man-in-the-middle attacks.
Apple has not yet released a patch for their laptop/desktop operating system, but one is expected soon.
For now, the company suggests avoiding free Wi-Fi hotspots and using only trusted networks, like your home or office Wi-Fi.