Apple encryption mistake puts desktop applications at risk

Apple products and Mac operating systems. Including discussions on Virtual PC for Mac, Parallels Desktop for Mac, all Apple hardware and everything relating to Apple and Mac!
(MacCentre701)

Apple encryption mistake puts desktop applications at risk

Postby James » Mon 24 Feb, 2014 10:19 am

Jeremy Kirk

Feb 24, 2014 6:42 AM


A subtle mistake in how Apple implemented a basic encryption feature that shields data from snooping also affects many desktop applications that rely on the code, according to a noted security researcher.

Apple released a patch on Friday for its iOS mobile platform but has yet to fix the problem for desktop computers, which often have several applications that rely on the faulty code library, called Secure Transport. (rest of article here:)

http://www.pcworld.com/article/2100680/ ... tk.rss_all
UserAgent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0
James
James
diamond member
diamond member
 
Posts: 3370
Joined: Sat 13 Jul, 2002 12:10 am

Re: Apple encryption mistake puts desktop applications at ri

Postby Antony » Mon 24 Feb, 2014 4:35 pm

Hmm, that seems serious.

I hope Apple releases Security Update for older OS X versions as well. (Not just 10.9.x)
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:27.0) Gecko/20100101 Firefox/27.0 AlexaToolbar/alxf-2.19
User avatar
Antony
diamond member
diamond member
 
Posts: 15483
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia

Re: Apple encryption mistake puts desktop applications at ri

Postby James » Mon 24 Feb, 2014 11:22 pm

Just make sure to update your iPhone and iPad since those updates are available. It really is quite a serious security flaw that needs to be addressed as soon as possible.
UserAgent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0
James
James
diamond member
diamond member
 
Posts: 3370
Joined: Sat 13 Jul, 2002 12:10 am

Re: Apple encryption mistake puts desktop applications at ri

Postby iJohnE » Mon 24 Feb, 2014 11:26 pm

iPhone updated this morning.

I hope this doesn't effect 10.7...or like Antony said they release an update for that as well.
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:27.0) Gecko/20100101 Firefox/27.0
"Those who matter don't mind, and those who mind don't matter." - Dr. Seuss.
User of Windows 10 Pro, and Ubuntu MATE.
User avatar
iJohnE
diamond member
diamond member
 
Posts: 1676
Joined: Wed 21 Nov, 2007 2:48 pm
Location: Pulaski, NY, USA

Re: Apple encryption mistake puts desktop applications at ri

Postby Antony » Tue 25 Feb, 2014 9:25 am

Yes, my (current model) iPads, iPhones and iPod touch are all updated.
My previous generation iPads and iPhones will not be updated, unless Apple releases iOS 6.1.6 for those devices.
(Apple does release iOS 6.1.6 for iPod touch 4th generation.)

If I read this SSL correctly, the attacker must be within the same shared network. In other words, people in home Wi-Fi environment shouldn't be over concerned (compared to public Wi-Fi).

Intego's Mac Security Blog described the issue with easier to understand vocabularies. It also pointed out that iOS 5 and Mac OS X 10.8 never had the bug. (source).

Lucky, my main computer (Mac Pro) is still on OS X 10.8.5. This is one of the very few benefits when you don't join the rush of chasing the latest software update. :D
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:27.0) Gecko/20100101 Firefox/27.0 AlexaToolbar/alxf-2.19
User avatar
Antony
diamond member
diamond member
 
Posts: 15483
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia

Re: Apple encryption mistake puts desktop applications at ri

Postby iJohnE » Tue 25 Feb, 2014 10:16 am

Antony wrote:Yes, my (current model) iPads, iPhones and iPod touch are all updated.
My previous generation iPads and iPhones will not be updated, unless Apple releases iOS 6.1.6 for those devices.
(Apple does release iOS 6.1.6 for iPod touch 4th generation.)

If I read this SSL correctly, the attacker must be within the same shared network. In other words, people in home Wi-Fi environment shouldn't be over concerned (compared to public Wi-Fi).

Intego's Mac Security Blog described the issue with easier to understand vocabularies. It also pointed out that iOS 5 and Mac OS X 10.8 never had the bug. (source).

Lucky, my main computer (Mac Pro) is still on OS X 10.8.5. This is one of the very few benefits when you don't join the rush of chasing the latest software update. :D


I'll be downgrading to 10.8. Since 10.9 causes my mac to beach ball ALL THE TIME. Which it never did before...sigh.
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:27.0) Gecko/20100101 Firefox/27.0
"Those who matter don't mind, and those who mind don't matter." - Dr. Seuss.
User of Windows 10 Pro, and Ubuntu MATE.
User avatar
iJohnE
diamond member
diamond member
 
Posts: 1676
Joined: Wed 21 Nov, 2007 2:48 pm
Location: Pulaski, NY, USA

Re: Apple encryption mistake puts desktop applications at ri

Postby Antony » Tue 25 Feb, 2014 9:08 pm

iJohnE wrote:I'll be downgrading to 10.8. Since 10.9 causes my mac to beach ball ALL THE TIME. Which it never did before...sigh.

Ouch, we all hate the spinning beach ball.

Anyhow, OS X Mavericks 10.9.2 and Security Update 2014-001 are available.
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:27.0) Gecko/20100101 Firefox/27.0 AlexaToolbar/alxf-2.19
User avatar
Antony
diamond member
diamond member
 
Posts: 15483
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia


Return to Mac OS and Apple

Who is online

Registered users: Baidu [Spider], Bing [Bot], Google [Bot], Majestic-12 [Bot], Yahoo [Bot]
cron