Apple patches serious 'triple handshake' bug with iOS 7.1.1, OS X updates

By NDTV Correspondent | Updated: 23 April 2014 21:02 IST
Yet another major security flaw has come to light, and Apple has released updates for its two major operating systems to address it. The HTTP "triple handshake" bug is considered extremely serious because it can be exploited to allow attackers to circumvent encryption on communications which rely on SSL for security.

Ars Technica reports that devices running iOS 7, OS X 10.9.x (Mavericks) and OS X 10.8.x (Mountain Lion) are vulnerable unless they install the latest updates. Apple's release notes for iOS 7.1.1 describe four security-related fixes, including one for the triple handshake bug, known as CVE-1295.

Apple's description doesn't include a severity rating, but describes the potential impact as "An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL."

The bug allows attackers to trick a client into sending them credentials by spoofing a connection to another trusted server. The credentials could then be reused with other servers, which would simply accept them without question. Apple's fix now ensures that credentials are verified against the original SSL certificate for each connection.

The update comes hot on the heels of another disclosure by Apple that its AirPort Extreme and AirPort Time Capsule routers were vulnerable to the Heartbleed OpenSSL bug. A patch for those products has also been released.

Apple was also forced to issue emergency OS updates in February this year for a security bug dubbed GoToFail, which tricked Web browsers into accepting SSL certificates without legitimate signatures.
