Apple Planning Fix for OS X SSL Bug as New Research Reveals iMessage, Other Apps Affected
Apple has confirmed that it will issue a software update "very soon" to patch the security flaw found in OS X that allows attackers to capture or modify data protected by the SSL/TLS protocols in Safari, reports Reuters. The vulnerability of OS X to the bug was detailed by security firm CrowdStrike and a Google engineer last Friday, and came right after Apple released iOS 7.0.6 to fix the SSL-related issues on iOS.
However, the security flaw, which has been termed "GoToFail" by security specialists due to the improperly used "goto" command that triggers it, may be affecting more than just Safari. Independent privacy researcher Ashkan Soltani has pointed out on his Twitter (via Forbes) that Apple's vulnerable SSL library is also used by apps including FaceTime, iMessage, Twitter, Calendar, Keynote, Mail, iBooks, Software Update, and more.
A list of apps deemed vulnerable to the SSL bug found in OS X and iOS by security researcher
Ashkan Soltani
Soltani does point out that apps such as iMessage and FaceTime have addded security measures that weaken the effects of the security flaw, but also added that the initial iCloud login used to authenticate such apps may also be compromised. The researcher states that other parts of the protocol such as the handshake between a service and a device are vulnerable to an attack as well, and will need to be secured by Apple.
Currently, users can check whether or not their computers are affected by the vulnerability by visiting gotofail.com in Safari. As users wait for a fix to the flaw, CrowdStrike recommends avoiding untrusted and unsecured WiFi networks while traveling. The site also recommends that users update to iOS 7.0.6 if they have not yet installed it on their iOS devices.
Popular Stories
Apple is expected to announce iOS 18 during its WWDC keynote on June 10, and new features have already been rumored for many apps, including Apple Music, Apple Maps, Calculator, Messages, Notes, Safari, and others. Below, we recap iOS 18 rumors on a per-app basis, based on reports from MacRumors, Bloomberg's Mark Gurman, and others: Apple Maps: At least two new Apple Maps features are...
With the 10th anniversary of the Apple Watch approaching, we thought it would be fun to take a look back at an interesting bit of Apple Watch history. After the Apple Watch was announced in 2014, and before it became available in 2015, Apple sent out custom Apple Watch iPad demo kiosks to retail stores. The Apple Watch and iPad units used for these devices were specially designed, had custom ...
While Apple's upcoming iPad Pro models have been expected to feature the M3 chip for over a year, recent reports have unexpectedly suggested that the new devices will instead feature the as-yet-unannounced M4 chip. Subscribe to the MacRumors YouTube channel for more videos. Last week, Bloomberg's Mark Gurman said that he now believes there is a "strong possibility" that the upcoming iPad Pro ...
An in-depth Bloomberg report today resurfaced General Motors' decision to replace Apple CarPlay with its own software. Last year, GM announced that it planned to forgo Apple CarPlay in its new electric vehicles, starting with the 2024 Chevrolet Blazer EV. Instead, the automaker introduced a proprietary infotainment platform, aiming to control and customize the digital experience within its...
Just over six months ago, Apple supply chain analyst Ming-Chi Kuo said the likelihood of a new Apple Watch Ultra being released in 2024 was "decreasing," but it now sounds like there will be an Apple Watch Ultra 3 this year after all. In a direct message shared with MacRumors today, Kuo said that while the Apple Watch Ultra will be updated this year, the new model will have "almost no"...
Top Rated Comments
Great work, Apple!
And it better come tomorrow :mad:
My definition of "very soon," and Apple's definition of "very soon," are very different. :(