Apple's iOS patch reveals security flaw that affects third-party apps on OS X

Advertisement
By NDTV Correspondent | Updated: 24 February 2014 15:02 IST
Apple's iOS patch reveals security flaw that affects third-party apps on OS X

Researchers have discovered that a massive security hole in iOS 7 and OS X also affects third-party desktop software. While iOS has been updated, no fix is available for OS X yet. Apple released the iOS 7.0.6 update on 21 February to patch a flaw in Safari's SSL authentication code that would have allowed attackers to bypass it altogether and intercept sensitive communications such as credit card information and login credentials.

Security researchers at Crowdstrike reverse-engineered the iOS 7.0.6 update and discovered that the holes patched by it also exist in OS X. Another reasearcher, Ashkan Soltani, has now posted a screenshot to Twitter highlighting a number of apps other than Safari that use the same framework. These include built-in apps such as Calendar, Keynote, FaceTime, Mail and Software Update as well as third-party apps such as Twitter. Apple allows developers to use Secure Transport while building their own apps, which means hundreds more could be affected.

Both sources have refused to divulge specific information to the public, in order to prevent potential attackers from learning more about how to exploit the flaw.

The flaw allows for a "man-in-the-middle" attack, which makes it possible for anyone on the same wired or wireless network to intercept SSL-encrypted traffic and decrypt it by pretending to be the intended recipient, for example a secure website. Such data can then be modified before it is passed on to the actual recipient and traffic returning can be intercepted as well, giving the attacker full access to your online accounts and credentials. People using public Wi-Fi hotspots are particularly vulnerable, as attackers can sniff for vulnerable computers and capture secure data without the affected users ever knowing.

Advertisement

Apple calls its implementation of SSL authentication framework Secure Transport. The same code is used in Safari on Apple's desktop operating system, OS X, and is also available to third-party apps. 

Here are some of the apps which rely on the vulnerable Apple #gotofail SSL library beyond Safari /cc @a_greenberg pic.twitter.com/ombDOOa01A

Advertisement
-- ashkan soltani (@ashk4n) February 23, 2014

Apple has confirmed that an update for OS X is in the works, but users are advised to avoid using the Safari browser, especially if connected to public Wi-Fi hotspots. Apple has also released an update to iOS 6 for older devices, including the iPhone 3GS and older iPod touch models, which cannot run iOS 7 but are also affected.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Poco F7 5G to Be Equipped With a Snapdragon 8s Gen 4 SoC
  2. Vivo Y400 Pro 5G: Everything We Know Ahead of India Launch on June 20
  3. Oppo Reno 14 5G, Reno 14 Pro 5G India Launch Timeline Leaked
  4. BSNL Announces Name of Its 5G Service in India
  5. Samsung Galaxy Z Fold 7, Z Flip 7 Launch Date Leaked Online
  6. Vivo T4 Ultra Now Available for Purchase in India: See Price, Offers
  7. Vodafone Idea to Bring Direct-to-Device Satellite Connectivity to India
  8. Boat Wave Fortune Smartwatch With NFC Tap & Pay Feature Launched in India
  9. Vivo X Fold 5 Dimensions, Charging Capacity Revealed Ahead of Launch
  10. Apple's Foldable iPhone to Enter Production Later This Year: Ming-Chi Kuo
  1. Vodafone Idea Partners With AST SpaceMobile to Bring Direct-to-Device Satellite Connectivity to India
  2. Stellar Blade's Nintendo Switch 2 Port Reportedly in Development After Successful PC Launch
  3. Vivo X Fold 5 Dimensions Confirmed Ahead of June 25 Launch; Charging Capacity Revealed
  4. Apple's Foldable iPhone to Enter Production Later This Year, Components Not Finalised: Ming-Chi Kuo
  5. Google App Gets Gemini-Powered Search Live Feature in AI Mode With Voice Input Support
  6. Apple Considering Using AI to Design its Chips, Technology Executive Says
  7. Samsung Galaxy Unpacked Event for Galaxy Z Fold 7, Galaxy Z Flip 7 Tipped to Take Place on July 9
  8. Poco F7 5G Confirmed to Get Snapdragon 8s Gen 4 Chipset Ahead of June 24 Launch
  9. Facebook Rolls Out Passkey Support for Easier and Secure Sign-In, Meta Pay Purchases
  10. BSNL Announces Q-5G Service in India, Launches SIM-Less Quantum 5G FWA for Enterprises in Select Circles
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.