Apple Planning Fix for OS X SSL Bug as New Research Reveals iMessage, Other Apps Affected

Apple has confirmed that it will issue a software update "very soon" to patch the security flaw found in OS X that allows attackers to capture or modify data protected by the SSL/TLS protocols in Safari, reports Reuters. The vulnerability of OS X to the bug was detailed by security firm CrowdStrike and a Google engineer last Friday, and came right after Apple released iOS 7.0.6 to fix the SSL-related issues on iOS.

However, the security flaw, which has been termed "GoToFail" by security specialists due to the improperly used "goto" command that triggers it, may be affecting more than just Safari. Independent privacy researcher Ashkan Soltani has pointed out on his Twitter (via Forbes) that Apple's vulnerable SSL library is also used by apps including FaceTime, iMessage, Twitter, Calendar, Keynote, Mail, iBooks, Software Update, and more.

gotofail_list_of_apps

A list of apps deemed vulnerable to the SSL bug found in OS X and iOS by security researcher Ashkan Soltani

Soltani does point out that apps such as iMessage and FaceTime have addded security measures that weaken the effects of the security flaw, but also added that the initial iCloud login used to authenticate such apps may also be compromised. The researcher states that other parts of the protocol such as the handshake between a service and a device are vulnerable to an attack as well, and will need to be secured by Apple.

Currently, users can check whether or not their computers are affected by the vulnerability by visiting gotofail.com in Safari. As users wait for a fix to the flaw, CrowdStrike recommends avoiding untrusted and unsecured WiFi networks while traveling. The site also recommends that users update to iOS 7.0.6 if they have not yet installed it on their iOS devices.

Top Rated Comments

(View all)
Avatar
80 months ago
I can imagine an NSA techie slamming his head into a wall while saying "*******! They found the loophole I inserted!"
Score: 21 Votes (Like | Disagree)
Avatar
80 months ago
No security.

Great work, Apple!
Score: 12 Votes (Like | Disagree)
Avatar
80 months ago

i hope this is a separate security release, and not only available in 10.9.2.


And it better come tomorrow :mad:
Score: 12 Votes (Like | Disagree)
Avatar
80 months ago
Very soon.....

My definition of "very soon," and Apple's definition of "very soon," are very different. :(
Score: 11 Votes (Like | Disagree)
Avatar
80 months ago
So are Apple going to block all these vulnerable apps from running until a fix is available? Or is that kind of calling-out just reserved for Flash.
Score: 7 Votes (Like | Disagree)
Avatar
80 months ago
i hope this is a separate security release, and not only available in 10.9.2.
Score: 6 Votes (Like | Disagree)

Top Stories

Apple Considering Delaying iPhone 12 Launch 'by Months'

Wednesday March 25, 2020 12:51 pm PDT by Juli Clover
Apple is preparing to delay the launch of the 2020 iPhones expected to be equipped with 5G technology, according to sources with knowledge of Apple's plans that spoke to Japanese news site Nikkei. Apple has reportedly held internal discussions about the possibility of delaying the launch "by months" over fears of how well iPhones would sell in the current situation, and supply chain sources...

Apple Helps Source Over 10 Million N95 Masks for Healthcare Providers in the U.S.

Wednesday March 25, 2020 10:25 am PDT by Juli Clover
Apple over the weekend announced plans to donate millions of N95 masks to hospitals in the United States and Europe, and according to Apple CEO Tim Cook, Apple has been able to source more than 10 million N95 masks in the U.S. and millions more in Europe. Apple CEO Tim Cook said on Saturday that Apple was aiming to donate supplies to healthcare providers fighting COVID-19, and clarified...

Hands-On With the New 2020 12.9-Inch iPad Pro

Wednesday March 25, 2020 2:10 pm PDT by Juli Clover
Apple last week announced new 11 and 12.9-inch iPad Pro models, and as of today, the new iPads are arriving to customers. We picked up one of the new 12.9-inch models and checked it out to see just what's new and whether it's worth buying. Subscribe to the MacRumors YouTube channel for more videos. When it comes to design, the new iPad Pro models are identical to the 2018 iPad Pro models, but ...

Kuo: Apple to Launch Several Macs With Arm-Based Processors in 2021, USB4 Support Coming to Macs in 2022

Thursday March 26, 2020 8:19 pm PDT by Joe Rossignol
Apple plans to launch several Mac notebooks and desktop computers with its own custom designed Arm-based processors in 2021, analyst Ming-Chi Kuo said today in a research note obtained by MacRumors. Kuo believes that Arm-based processors will significantly enhance the competitive advantage of the Mac lineup, allow Apple to refresh its Mac models without relying on Intel's processor roadmap,...

Apple Releases iOS and iPadOS 13.4 With New Mail Toolbar, iCloud Folder Sharing, Trackpad Support for iPad and More

Tuesday March 24, 2020 9:56 am PDT by Juli Clover
Apple today released iOS and iPadOS 13.4, the latest major updates to the iOS 13 operating system that was released in September. iOS and iPadOS 13.4 come two months after the release of iOS and iPadOS 13.3.1 with Screen Time Communication Limits. The iOS and ‌iPadOS‌ 13.4 updates are available on all eligible devices over-the-air in the Settings app. To access the updates, go to...

Apple Releases macOS Catalina 10.15.4 With Screen Time Communication Limits and Real-Time Apple Music Lyrics

Tuesday March 24, 2020 10:21 am PDT by Juli Clover
Apple today released macOS Catalina 10.15.4, the fourth update to the macOS Catalina operating system that was released in October. macOS Catalina 10.15.4 comes a couple of months after the release of macOS Catalina 10.15.3. macOS Catalina 10.15.4 can be downloaded from the Mac App Store for free using the Update feature in the System Preferences app. The macOS Catalina 10.15.4 update...

Apple Says MacBook Air With Retina Display Can Exhibit Anti-Reflective Coating Issues, Unclear if Eligible for Free Repairs [Updated]

Thursday March 26, 2020 8:16 am PDT by Joe Rossignol
Apple this week acknowledged that MacBook Air models with Retina displays can exhibit anti-reflective coating issues, as indicated in a memo shared with Apple Authorized Service Providers and obtained by MacRumors. "Retina displays on some MacBook, MacBook Air, and MacBook Pro computers can exhibit anti-reflective (AR) coating issues," the memo states. Apple's internal service documentation ...

Hands-On With Apple's New Smart Keyboard Folio for the 2020 iPad Pro Models

Tuesday March 24, 2020 12:38 pm PDT by Juli Clover
Apple last week introduced new 11 and 12.9-inch iPad Pro models, which are set to arrive in the hands of customers starting this week. Apple introduced a nifty new Magic Keyboard with trackpad alongside the new iPad Pro models that's coming in May, but it also debuted a new Smart Keyboard Folio, which is available now. We picked up the Smart Keyboard Folio for the designed for the 2020 iPad...

Hands-On With the New $999 MacBook Air

Thursday March 26, 2020 1:45 pm PDT by Juli Clover
Alongside new iPad Pros last week, Apple also refreshed the MacBook Air, adding more storage, faster 10th-generation processors, and an updated keyboard. We picked up one of the new machines to take a look at some of the upgrades added in the 2020 update. Subscribe to the MacRumors YouTube channel for more videos. Design wise, there are no real external changes to the MacBook Air's body,...

Mobile Networks in Multiple Countries Display 'Stay Home' Message When Users Connect to Cellular Instead of WiFi

Tuesday March 24, 2020 3:46 pm PDT by Juli Clover
iPhone users in several countries who disconnect from WiFi on their devices will see a "Stay Home" message at the top of the Control Center where cellular network information is displayed. Image via Matt Navarra According to reports on Twitter, the status bar messages are showing up in countries that include Germany, Belgium, United Arab Emirates, Peru, Turkey, India, Luxembourg, Romania,...