The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

CAT | apple

20140225-125112.jpg

Apple released an update for Mac OS X 10.9 fixing the serious GOTO FAIL SSL vulnerability. This update appears to resolve the problem for The Safari browser, and many other Apple applications that use SSL/TLS.

If you use a Mac, make sure you install this update ASAP. Go to Software Update and you should see the update available.

Feb/14

23

Apple SSL vulnerability

Cracked EncryptionEverybody has been talking about the Apple SSL vulnerability, but just in case you have missed it….

It turns out that for several years Safari has failed to properly check the cryptographic signatures on Server Key Exchanges allowing attackers to mount man in the middle attacks against your browser sessions. Anyone with the ability to intercept your traffic could read and modify the data to or from any secure website you visit (of course they can always do it with insecure websites). This would include any WiFi you are using, the local ISP, backbone ISPs, and government entities wherever you might be, or anywhere along the path yo the server you are trying to reach.

This vulnerability impacts both iOS as well as Mac OS X. You can test whether you are vulnerable here.

There is a patch already available for iOS so update your device now!

If you are on a Mac, switch to using some browser other than Safari. Chrome and Firefox are both safe from this particular attack.

If you are on Windows, Linux, BSD, or Android, you would appear to be safe.

· ·

<< Latest posts