Apple patches serious 'triple handshake' bug with iOS 7.1.1, OS X updates

Advertisement
By NDTV Correspondent | Updated: 23 April 2014 21:02 IST
Apple patches serious 'triple handshake' bug with iOS 7.1.1, OS X updates
Yet another major security flaw has come to light, and Apple has released updates for its two major operating systems to address it. The HTTP "triple handshake" bug is considered extremely serious because it can be exploited to allow attackers to circumvent encryption on communications which rely on SSL for security.

Ars Technica reports that devices running iOS 7, OS X 10.9.x (Mavericks) and OS X 10.8.x (Mountain Lion) are vulnerable unless they install the latest updates. Apple's release notes for iOS 7.1.1 describe four security-related fixes, including one for the triple handshake bug, known as CVE-1295..

Apple's description doesn't include a severity rating, but describes the potential impact as "An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL."

The bug allows attackers trick a client into sending them credentials by spoofing a connection to another trusted server. The credentials could then be reused with other servers, which would simply accept them without question. Apple's fix now ensures that credentials are verified against the original SSL certificate for each connection.

The update comes hot on the heels of another disclosure by Apple that its AirPort Extreme and AirPort Time Capsule routers were vulnerable to the Heartbleed OpenSSL bug. A patch for those products has also been released.

Apple was also forced to issue emergency OS updates in February this year for a security bug dubbed GoToFail, which tricked Web browsers into accepting SSL certificates without legitimate signatures.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Apple's M4 Mac Mini Price in India Drops to Rs. 49,999 With These Discounts
  2. Poco F7 Design Spotted in Leaked Renders; Battery Specifications Revealed
  3. OnePlus Pad Lite Design and Specifications Leaked, Could Launch Soon
  1. OnePlus Pad Lite Design and Key Specifications Leaked, Could Launch Soon
  2. Samsung's Upcoming Running Events Reportedly Hint at Galaxy Z Fold 7, Flip 7 and Watch 8 Series Launch Timeline
  3. Poco F7 Design Spotted in Leaked Renders; Battery Specifications Revealed via Flipkart
  4. Neuralink Device Helps Monkey See Something That’s Not There
  5. Apple's Mac Mini With M4 Chip Price in India Drops to Rs. 49,999 With Discounts on Amazon
  6. Samsung Galaxy M36, Galaxy F36 Spotted on Google Play Console; Galaxy M36 Launch Reportedly Teased via Amazon
  7. Google, Scale AI's Largest Customer, Said to Plan Split After Meta Deal
  8. SpaceX Launches 26 New Starlink Satellites, Expands Global Internet Network
  9. Aurora Alert! Northern Lights May Be Visible as Far South as New York on June 14
  10. New Island Forms in Caspian Sea as Water Levels Drop, Russian Scientists Confirm
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.