Apple patches serious 'triple handshake' bug with iOS 7.1.1, OS X updates

Advertisement
By NDTV Correspondent | Updated: 23 April 2014 21:02 IST
Apple patches serious 'triple handshake' bug with iOS 7.1.1, OS X updates
Yet another major security flaw has come to light, and Apple has released updates for its two major operating systems to address it. The HTTP "triple handshake" bug is considered extremely serious because it can be exploited to allow attackers to circumvent encryption on communications which rely on SSL for security.

Ars Technica reports that devices running iOS 7, OS X 10.9.x (Mavericks) and OS X 10.8.x (Mountain Lion) are vulnerable unless they install the latest updates. Apple's release notes for iOS 7.1.1 describe four security-related fixes, including one for the triple handshake bug, known as CVE-1295..

Apple's description doesn't include a severity rating, but describes the potential impact as "An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL."

The bug allows attackers trick a client into sending them credentials by spoofing a connection to another trusted server. The credentials could then be reused with other servers, which would simply accept them without question. Apple's fix now ensures that credentials are verified against the original SSL certificate for each connection.

The update comes hot on the heels of another disclosure by Apple that its AirPort Extreme and AirPort Time Capsule routers were vulnerable to the Heartbleed OpenSSL bug. A patch for those products has also been released.

Apple was also forced to issue emergency OS updates in February this year for a security bug dubbed GoToFail, which tricked Web browsers into accepting SSL certificates without legitimate signatures.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Vivo Y400 Pro 5G Confirmed to Launch in India Soon, Design Teased
  2. Vivo T4 Lite 5G Price in India, Launch Timeline and Key Features Leaked
  3. Vivo X200 FE Allegedly Spotted on Geekbench With This MediaTek Chipset
  4. OnePlus Bullets Wireless Z3 to Launch in India on June 19: All Details
  5. Realme GT 7 Dream Edition is Now Available for Purchase in India
  6. The Company Behind Arc Is Now Bringing an AI Browser With Chatbot
  7. Aurora Alert! Northern Lights May Be Visible as Far South as New York on June 14
  8. New Island Forms in Caspian Sea as Water Levels Drop, Russian Scientists Confirm
  1. Google, Scale AI's Largest Customer, Said to Plan Split After Meta Deal
  2. SpaceX Launches 26 New Starlink Satellites, Expands Global Internet Network
  3. Aurora Alert! Northern Lights May Be Visible as Far South as New York on June 14
  4. New Island Forms in Caspian Sea as Water Levels Drop, Russian Scientists Confirm
  5. Kesari Chapter 2 Now Streaming on JioHotstar: Everything You Need to Know About Akshay Kumar Starrer Movie
  6. Steam for Mac Now Available as Native Apple Silicon App With Latest Beta Release
  7. Coinbase Announces American Express-Backed Crypto Credit Card That Offers Bitcoin Rewards
  8. Killed by Google: Support for Android Instant Apps to Reportedly Be Dropped Later This Year
  9. Realme GT 7 Dream Edition Now Available for Purchase in India: Price, Sale Offers
  10. Meta AI Discovery Feed Is Reportedly Filled With Users' Seemingly Private Chats
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.