Apple Planning Fix for OS X SSL Bug as New Research Reveals iMessage, Other Apps Affected

Apple has confirmed that it will issue a software update "very soon" to patch the security flaw found in OS X that allows attackers to capture or modify data protected by the SSL/TLS protocols in Safari, reports Reuters. The vulnerability of OS X to the bug was detailed by security firm CrowdStrike and a Google engineer last Friday, and came right after Apple released iOS 7.0.6 to fix the SSL-related issues on iOS.

However, the security flaw, which has been termed "GoToFail" by security specialists due to the improperly used "goto" command that triggers it, may be affecting more than just Safari. Independent privacy researcher Ashkan Soltani has pointed out on his Twitter (via Forbes) that Apple's vulnerable SSL library is also used by apps including FaceTime, iMessage, Twitter, Calendar, Keynote, Mail, iBooks, Software Update, and more.

gotofail_list_of_apps

A list of apps deemed vulnerable to the SSL bug found in OS X and iOS by security researcher Ashkan Soltani

Soltani does point out that apps such as iMessage and FaceTime have addded security measures that weaken the effects of the security flaw, but also added that the initial iCloud login used to authenticate such apps may also be compromised. The researcher states that other parts of the protocol such as the handshake between a service and a device are vulnerable to an attack as well, and will need to be secured by Apple.

Currently, users can check whether or not their computers are affected by the vulnerability by visiting gotofail.com in Safari. As users wait for a fix to the flaw, CrowdStrike recommends avoiding untrusted and unsecured WiFi networks while traveling. The site also recommends that users update to iOS 7.0.6 if they have not yet installed it on their iOS devices.

Top Rated Comments

(View all)
Avatar
83 months ago
I can imagine an NSA techie slamming his head into a wall while saying "*******! They found the loophole I inserted!"
Score: 21 Votes (Like | Disagree)
Avatar
83 months ago
No security.

Great work, Apple!
Score: 12 Votes (Like | Disagree)
Avatar
83 months ago

i hope this is a separate security release, and not only available in 10.9.2.


And it better come tomorrow :mad:
Score: 12 Votes (Like | Disagree)
Avatar
83 months ago
Very soon.....

My definition of "very soon," and Apple's definition of "very soon," are very different. :(
Score: 11 Votes (Like | Disagree)
Avatar
83 months ago
So are Apple going to block all these vulnerable apps from running until a fix is available? Or is that kind of calling-out just reserved for Flash.
Score: 7 Votes (Like | Disagree)
Avatar
83 months ago
i hope this is a separate security release, and not only available in 10.9.2.
Score: 6 Votes (Like | Disagree)

Top Stories

iPhone Users Who Experienced 'Batterygate' Can Now File to Receive Around $25 Settlement From Apple

Monday July 13, 2020 6:50 am PDT by
Earlier this year, Apple agreed to settle a U.S. class action lawsuit that accused the company of "secretly throttling" older iPhone models. Now, eligible iPhone owners are beginning to be notified about their legal rights and options. Under the proposed settlement, Apple will provide a cash payment of approximately $25 to each eligible iPhone owner who submits a claim, with its total payout ...

Apple Releases iOS 13.6 With Car Key, Toggle to Turn Off Automatic Update Downloads, Audio Apple News+ Stories and More

Wednesday July 15, 2020 10:04 am PDT by
Apple today released iOS and iPadOS 13.6, major updates that come more than a month after the launch of iOS and iPadOS 13.5.1. iOS and iPadOS 13.6 introduce new Health, Apple News, and software update features. The iOS and iPadOS 13.6 updates are available on all eligible devices over-the-air in the Settings app. To access the updates, go to Settings > General > Software Update. Apple has...

Possible 'iPhone 12' Battery Certifications Suggest Lower Capacities Than iPhone 11 Series

Monday July 13, 2020 4:22 am PDT by
MySmartPrice has spotted certifications for three new Apple batteries that it believes could be for the upcoming iPhone 12 lineup, despite them being less capacitive than the batteries in the current iPhone 11 series. The batteries are identified with the model numbers A2471, A2431, and A2466, and appear on Safety Korea, China's 3C, and the Danish agency UL Demko. Apple is expected to...

iPhone 12 Could Ship With New Braided USB-C to Lightning Cable

Tuesday July 14, 2020 10:57 am PDT by
Apple's upcoming iPhone 12 models could ship with a new Lightning to USB-C cable that includes a braided fabric design, according to leaked photos from ChargerLAB that surfaced on Weibo today (via Twitter users DuanRui and L0vetodream). The photos depict a USB-C to Lightning cable that has a braided design rather than the standard non-fabric design of the current cables. Apple has never...

Apple Pays Samsung an Estimated $950 Million for Missing OLED Panel Purchase Targets

Monday July 13, 2020 10:03 am PDT by
Apple in the second quarter of 2020 paid Samsung approximately $950 million for not meeting OLED panel purchase goals established in agreements between the two companies, according to display analysts at Display Supply Chain Consultants. Samsung last week shared guidance on revenue and operating profit for the second quarter of 2020, which included a one-time gain related to its display...

Five Mac Apps Worth Checking Out - July 2020

Tuesday July 14, 2020 2:34 pm PDT by
Apps created for Macs don't typically receive as much coverage as apps designed for iPhones and iPads, so we crated a series here at MacRumors to highlight interesting Mac apps worth checking out. This month's apps focus on productivity and feature great tools for working from home. Subscribe to the MacRumors YouTube channel for more videos. Twobird (Free) - Twobird is an email app from...

Apple Warns Against Closing MacBooks With a Cover Over the Camera

Friday July 10, 2020 11:12 am PDT by
Apple this month published a support document that warns customers against closing their Mac notebooks with a cover over the camera as it can lead to display damage. Image via Reddit Apple says that the clearance between the display and the keyboard is designed to very tight tolerances, which can be problematic. Covering the camera can also cause issues with automatic brightness and True Tone....

Apple Shares Humorous 'Working-From-Home Thing' Video

Monday July 13, 2020 9:31 am PDT by
Apple today shared a funny video focused on the problems that people working from home have to deal with, including noisy children, chaotic schedules, communication issues, and more. The video focuses on showing off Apple products and their capabilities that can be useful when working from home, such as the ability to scan a document with an iPhone, mark up a PDF, Siri Reminders, and more.The...

SoftBank Considering Possible Sale of Arm Holdings as Apple Gears Up for Arm-Based Macs

Monday July 13, 2020 2:00 pm PDT by
SoftBank, the company that owns chip designer Arm Holdings, is exploring options that include a full or partial sale or a public offering, reports The Wall Street Journal. SoftBank is working with Goldman Sachs Group as an advisor, and the explorations are at an early stage. The Wall Street Journal says that it's unknown how much interest there would be in Arm from financial or industry...

Rumor Suggests New Apple App for Windows Could Be Coming Soon

Tuesday July 14, 2020 1:54 am PDT by
Apple could be working towards the release of a new app for Windows 10, according to a report this week from an Italian website. The blog Aggiornamenti Lumia suggests that an app from Apple is "coming soon" to the Microsoft Store, but stops short of providing additional details. Apple still maintains a Windows version of the iTunes app, which has been discontinued on Mac and replaced by...