Apple Admits OS X Also Has SSL Security Flaw, Fix Coming Soon

Apple recently dished out the iOS 7.0.2 update which, among other things, patched a security flaw in the mobile OS. Now, the company has confirmed that OS X contains a similar flaw and that a patch is coming very soon.

OS X security

We are able to gauge the nature of this flaw in OS X quite well given that the release notes of iOS 7.0.2 come with a brief description of it. The release notes explain the flaw as this:

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.”

In other words, a hacker can intercept communication using SSL/TSL security over an OS X machine until a patch arrives and takes care of this security flaw. It occurs due to a faulty interpretation of digital certificates which are needed to establish a secure SSL/TSL connection for safe communication. All Apple needs to do is plug in the missing code and the issue will be resolved, which is apparently what the iOS 7.0.2 update has done for iOS.

According to an Apple spokesperson, “We are aware of this issue and already have a software fix that will be released very soon.” OS X users can expect a patch to arrive within the next two to three days. Until then, hang in tight and don’t divulge any critically significant information over an SSL/TSL connection.

Courtesy: Apple Insider

[ttjad keyword=”android-device”]

Salman

Salman Latif is a software engineer with a specific interest in social media, big data and real-world solutions using the two.Other than that, he is a bit of a gypsy. He also writes in his own blog. You can find him on Google+ and Twitter .

Leave a Reply