Apple fixes major SSL security flaw in iOS 7


by CBR Staff Writer| 24 February 2014

Still working on software update for similar flaw in Mac OS X.

Apple has fixed a major in SSL security flaw for its iPhones and iPads that allowed hackers to directly intercept encrypted email and other communications when connected to a vulnerable Wi-Fi network.

Reports revealed that the flaw enabled hackers to see or alter exchanges between the user and protected sites including Gmail and Facebook, in addition to breaching financial data, or finding other sensitive information.

The iOS 7.0.6 update, which 'provides a fix for SSL connection verification' is intended for iPhone 4 or higher, fifth-generation iPod touch devices, in addition to the iPad 2 or later versions.

The fix has been rushed after Johns Hopkins University cryptography professor Matthew Green said, "It's as bad as you could imagine, that's all I can say."

Apple has released software patches and an update for the current version of iOS for iPhone 4 and later models, 5th-generation iPod touches and later models, and iPad 2 and later models.

Apple said that the latest issue was found to be severe enough not to wait and deliver the fix in iOS 7.1, which is scheduled to be launched in coming months.

In addition, the flaw also appears in notebook and desktop machines running Mac OS X, while a software update is being worked on 'very soon' to cut off hackers' attempts to peer into email, financial information and other sensitive data from Mac computers.

Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

715 people like this.
1526 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.