Apple Planning Fix for OS X SSL Bug as New Research Reveals iMessage, Other Apps Affected

Apple has confirmed that it will issue a software update "very soon" to patch the security flaw found in OS X that allows attackers to capture or modify data protected by the SSL/TLS protocols in Safari, reports Reuters. The vulnerability of OS X to the bug was detailed by security firm CrowdStrike and a Google engineer last Friday, and came right after Apple released iOS 7.0.6 to fix the SSL-related issues on iOS.

However, the security flaw, which has been termed "GoToFail" by security specialists due to the improperly used "goto" command that triggers it, may be affecting more than just Safari. Independent privacy researcher Ashkan Soltani has pointed out on his Twitter (via Forbes) that Apple's vulnerable SSL library is also used by apps including FaceTime, iMessage, Twitter, Calendar, Keynote, Mail, iBooks, Software Update, and more.

gotofail_list_of_apps

A list of apps deemed vulnerable to the SSL bug found in OS X and iOS by security researcher Ashkan Soltani

Soltani does point out that apps such as iMessage and FaceTime have addded security measures that weaken the effects of the security flaw, but also added that the initial iCloud login used to authenticate such apps may also be compromised. The researcher states that other parts of the protocol such as the handshake between a service and a device are vulnerable to an attack as well, and will need to be secured by Apple.

Currently, users can check whether or not their computers are affected by the vulnerability by visiting gotofail.com in Safari. As users wait for a fix to the flaw, CrowdStrike recommends avoiding untrusted and unsecured WiFi networks while traveling. The site also recommends that users update to iOS 7.0.6 if they have not yet installed it on their iOS devices.

Top Rated Comments

yjchua95 Avatar
117 months ago
I can imagine an NSA techie slamming his head into a wall while saying "*******! They found the loophole I inserted!"
Score: 21 Votes (Like | Disagree)
MacMan988 Avatar
117 months ago
No security.

Great work, Apple!
Score: 12 Votes (Like | Disagree)
mathcolo Avatar
117 months ago
i hope this is a separate security release, and not only available in 10.9.2.

And it better come tomorrow :mad:
Score: 12 Votes (Like | Disagree)
SantaFeNM Avatar
117 months ago
Very soon.....

My definition of "very soon," and Apple's definition of "very soon," are very different. :(
Score: 11 Votes (Like | Disagree)
mw360 Avatar
117 months ago
So are Apple going to block all these vulnerable apps from running until a fix is available? Or is that kind of calling-out just reserved for Flash.
Score: 7 Votes (Like | Disagree)
Sky Blue Avatar
117 months ago
i hope this is a separate security release, and not only available in 10.9.2.
Score: 6 Votes (Like | Disagree)

Popular Stories

iOS 16

iOS 16.3 Now Available for Your iPhone With These 4 New Features

Friday February 3, 2023 1:13 pm PST by
Apple released iOS 16.3 in late January following nearly six weeks of beta testing. The software update is available for the iPhone 8 and newer, and while it is a relatively minor update, it still includes a handful of new features, changes, and bug fixes. Below, we've recapped new features in iOS 16.3, including support for physical security keys as a two-factor authentication option for...
iPhone 14 Pro Purple Side Perspective Feature Purple

Gurman: Apple Considering New High-End iPhone Alongside Pro and Pro Max

Sunday February 5, 2023 6:07 am PST by
Apple has discussed selling a new top-of-the-line iPhone alongside the Pro and Pro Max models in 2024 at the earliest, according to Bloomberg's Mark Gurman. Based on this timeframe, the device would be part of the iPhone 16 lineup or later. In a September 2022 edition of his weekly "Power On" newsletter, Gurman said there was "potential" for an iPhone 15 Ultra to replace the iPhone 15 Pro...
ipad air purple

Deals: M1 iPad Air Hits Record-Low Prices at TigerDirect, Starting at $313.99 (48% Off) [Updated]

Saturday February 4, 2023 10:05 am PST by
Online retailer TigerDirect has slashed pricing on the M1 iPad Air in several colors, offering the base 64GB configuration for just $313.99 in Purple and Pink. Note: MacRumors is an affiliate partner with TigerDirect. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. That's a savings of 48% compared to Apple's normal $599.00...
mac studio pink

Apple May Not Launch Updated Mac Studio With M2 Ultra Chip Due to Similarity With Upcoming Mac Pro

Sunday February 5, 2023 6:06 am PST by
A new version of the Mac Studio with the "M2 Ultra" chip is unlikely to arrive in the near future, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman explained that since the upcoming Apple silicon Mac Pro is "very similar in functionality to the Mac Studio," Apple may wait until the release of M3- or M4-series chips to update the machine, or...
HomePod 2 White and Midnight Feature Purple Orange

Apple Releases tvOS 16.3.1 and HomePod 16.3.1 Software Updates

Monday February 6, 2023 10:13 am PST by
Apple today released new tvOS 16.3.1 and HomePod 16.3.1 software updates, with the software coming two weeks after the tvOS 16.3 and HomePod 16.3 updates were released. According to Apple's release notes for HomePod software 16.3.1, the update includes general performance and stability improvements. Notes for tvOS 16.3.1 are unavailable as of yet, but are probably similar to the HomePod...
iPhone 15 Pro Blue Feature

iPhone 15 Pro 'Buttonless Design' Rumors: Everything We Know

Monday February 6, 2023 7:44 am PST by
The iPhone 15 Pro models will feature a "buttonless design" thanks to additional Taptic Engines, according to multiple corroborated reports, so what do we know about the change so far? Apple analyst Ming-Chi Kuo was first to report that the volume and power buttons on this year's two high-end iPhone models will adopt a solid-state design, similar to the iPhone 7's home button, replacing a...
iphone ultra concept daehnert

'iPhone Ultra' Concept Envisions Apple's Rumored Future Top-Tier Smartphone

Tuesday February 7, 2023 5:38 am PST by
Apple has reportedly considered releasing a new top-of-the-line iPhone alongside future Pro and Pro Max models, tentatively referred to as "iPhone Ultra," and one designer has taken it upon himself to envision what such a device could potentially look like. German industrial designer Jonas Daehnert came up with this impressive-looking concept (pictured) by marrying design elements of the...
webkit vs chromium feature

Google Working on Browser for iOS That Would Break Apple's App Store Rules

Saturday February 4, 2023 1:30 am PST by
Google's Chromium developers are working on an experimental web browser for iOS that would break Apple's browser engine restrictions, The Register reports. The experimental browser, which is being actively pursued by developers, uses Google's Blink engine. Yet if Google attempted to release it on the App Store, it would not pass Apple's App Review process. Apple's App Store rules dictate...