Apple, Mac, iOS4,...
Follow
Find tag "gotofail"
7.5K views | +3 today
Apple, Mac, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

Apple finally patches critical SSL flaw in OS X

Apple finally patches critical SSL flaw in OS X | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple has released an update for OS X that, among other things, patches the infamous  "gotofail" bug whose existence was publicly revealed last Friday.

The flaw was initially patched on iOS and Apple TV with updates pushed out on that same day, but OS X users were left to wonder why a fix hasn't been provided for them as well. 


Gust MEES's insight:


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=gotofail


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Mac OS X 10.9.2 released. Apple fixes critical SSL security hole

Mac OS X 10.9.2 released. Apple fixes critical SSL security hole | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple has just issued OS X Mavericks version 10.9.2, fixing the same serious SSL security hole that they patched for iPhone and iPad users at the end of last week.
Gust MEES's insight:


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple and the SSL/TLS bug: Open questions

Apple and the SSL/TLS bug: Open questions | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
[UPDATE] It says something about Apple's priorities that they fixed the iOS version of a very serious bug but left Mac users conspicuously vulnerable.


The SSL bug Apple patched on iOS on Friday is a shocking and embarrassing one. That it appears to have been in both iOS and OS X for some time and the way Apple is addressing it show both that Apple knows how serious it is and that Mac users play second fiddle in Apple's orchestra. 

Apple has only released a patch for iOS, not OS X.


Make no mistake about it, this is a very serious bug. The bug makes it fairly straightforward to intercept and decrypt SSL/TLS communications, probably the most important security protocol there is today.


Any time you see Apple (or really any major vendor) release an update that fixes a single bug, you can be sure it's a high-priority bug. And there's no reason to believe that it's higher-priority for iOS users than for Mac users.


So why did they not fix OS X at the same time? Because OS X isn't top priority anymore.

Gust MEES's insight:


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Former Apple Security Engineer To Apple: 'Fix Your Sh-t'

Former Apple Security Engineer To Apple: 'Fix Your Sh-t' | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
If it wasn't yet clear to Apple that its 'gotofail' security flaw has the undivided attention of the information security industry, one of its own recently departed star engineers just spelled out the severity of that bug in highly profane terms. "WHAT THE EVER LOVING F**K, APPLE??!?!!" wrote former Apple security [...]


Paget, a well-regarded researcher who left her position on Apple’s security team for a job at Tesla just earlier this month, wrote perhaps the most scathing critique yet of the company’s security response to its “gotofail” bug, which would allow a wide array of Apple programs’ SSL-encrypted communications to be hijacked, eavesdropped or corrupted. The vulnerability, which earned its nickname due to being caused by a single misplaced “goto” command in Apple’s code, was patched Friday for iOS.


But researchers quickly found that it affected Apple’s desktop OSX software as well, ===> and the company has yet to fix the desktop version of the bug. <===


Gust MEES's insight:


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Sicherheits-Update: Apple warnt vor möglichen Angriffen auf Mobilgeräte

Sicherheits-Update: Apple warnt vor möglichen Angriffen auf Mobilgeräte | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Wer mit iPhone oder iPad vermeintlich verschlüsselte Nachrichten verschickt, könnte laut Apple zum Opfer von Hackern werden. Beheben soll das Problem ein Sicherheits-Update.


===> Doch Experten zufolge schützt es nicht alle Betroffenen. <===

Gust MEES's insight:


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple corrige la faille gotofail pour Mac OS X

Apple corrige la faille gotofail pour Mac OS X | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple est finalement parvenu à corriger la faille de sécurité majeure qui a touché ses systèmes d'exploitation
Mac. Un correctif qui intervient tardivement par rapport à iOS.
Gust MEES's insight:


En savoir plus :


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple encryption mistake puts many desktop applications at risk

Apple encryption mistake puts many desktop applications at risk | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple's Mail, FaceTime, Calendar, Safari browser and Software Update could be vulnerable, a researcher said.
Gust MEES's insight:


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

iPhone, iPad, iPod Touch und Macs sind unsicher

iPhone, iPad, iPod Touch und Macs sind unsicher | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Besitzer eines iPhones, iPads oder eines iPod Touch sollten sofort ein wichtiges Sicherheits-Update installieren. Ihre verschlüsselten Verbindungen können gehackt werden. Für MacOS-Nutzer gibt es noch keinen Patch.


Gust MEES's insight:


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Update your iPhones and iPads now to iOS 7.06. But Mac OS X still at risk from critical security hole

Update your iPhones and iPads now to iOS 7.06. But Mac OS X still at risk from critical security hole | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

Apple has quietly pushed out a security update to iOS, the operating system used by its flagship iPhone and iPad products.

And it's really important for your privacy that you update your iPhones and iPads as quickly as possible.




===> A shame then that Mac OS X doesn't yet have a patch... <===




Gust MEES's insight:


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple security update fixes iOS vulnerability

Apple security update fixes iOS vulnerability | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
The tech giant fixes a security problem in iOS that affected encrypted connections. Apple on Friday released the latest update of its mobile operating system. It's of note because it fixes an SSL connection issue, an important encryption vulnerability.




SSL, or Secure Sockets Layer, is one of the most basic forms of encrypting Internet traffic. Without it, almost anybody can see what you're doing online. According to Apple's fulldescription of the update, the software previously had problems validating the authenticity of the connection, and the software fix restores steps that were missing in the validation process.


Gust MEES's insight:


Learn more:


 - http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.