UPDATE: 26/02/14 Security Update to 10.9.2 version was released and should establish SSL problem for Mavericks.
Apple has updated its mobile operating system iOS to fix a bug that fixes a vulnerability that could allow web diversion for example by allowing a capture attacker to modify data in sessions protected by SSL / TLS. Users should apply the security update to all devices Apple ASAP to avoid falling prey to a Wi-Fi hotspot or malicious router exposing the iOS default.
The bug is in the open source code for the SSL security library Apple especially in SSLVerifySignedServerKeyExchange () function. The code is essential to skip a verification step in the key exchange with the server to prove their identity and authenticity.
The validation iOS bug also exists in Mac OS X 10.9.1 Apple desktop. Use Chrome and Firefox as Apple Mail, Messages, Safari programs and many others are vulnerable.
"Do not use unsecured networks (eg Wi-Fi) while traveling, until you can update devices from a trusted network," advised Alex to Radocea IT security biz tech CrowdStrike in a briefing on the SSL vulnerability today
0 Komentar