Tuesday, February 25, 2014

Apple releases patch for an SSL security vulnerability - mSecLabs - MOBIQUANT Mobile Security Labs



Apple has recently pushed an emergency update for iOS (7.0.6) that fixes a
critical vulnerability that could allow hackers to intercept the user’s
traffic (email, messages, etc.) and other communications that are meant to
be encrypted.

The vulnerability occurs in the logic some iOS applications use to
authenticate themselves to the server over SSL (Secure Sockets Layer).
Because of this flaw, an attacker who is present on the same wired or
wireless network can perform a man-in-the-middle (MITM) attack and
bypass the initial authentication check during the connection handshake.
Once this is done, the attacker can see all the traffic passing between
your device and the server. The attacker can modify the data in transit
and also eavesdrop on all of the user’s information.


More details about the vulnerability can be found here.


It is recommended to update to the latest version of iOS (7.0.6), which
patches this vulnerability. Until then, it is advisable not to use any
untrusted Wi-Fi networks, as your information might be eavesdropped upon.


After reverse engineering the patch, several security researchers
have found that the flaw exists in the current versions of Mac OS X
as well. No patch is available yet for that operating system, though one
is expected soon.










Read the article on the mSecLabs team website: Apple releases patch for an SSL security vulnerability