Apple SSL Bug In iOS Also Affects OS X

Posted by timothy on Saturday February 22, 2014 @09:44AM from the sympathetic-reaction dept.

Trailrunner7 writes "The certificate-validation vulnerability that Apple patched in iOS yesterday also affects Mac OS X up to 10.9.1, the current version. Several security researchers analyzed the patch and looked at the code in question in OS X and found that the same error exists there as in iOS. Researcher Adam Langley did an analysis of the vulnerable code in OS X and said that the issue lies in the way that the code handles a pair of failures in a row. The bug affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all, Langley found. Some users are reporting that Apple is rolling out a patch for his vulnerability in OS X, but it has not shown up for all users as yet. Langley has published a test site that will show OS X users whether their machines are vulnerable."

2 of 140 comments (clear)

Min score:

Reason:

Sort:

Hmm... by 93+Escort+Wagon · 2014-02-22 10:00 · Score: 3, Funny

The researcher who found the bug is Adam Langley. CIA headquarters is in Langley, Virginia.
Coincidence? I think not!

--
#DeleteChrome
Re:Apple by Anonymous Coward · 2014-02-22 10:35 · Score: 4, Funny

I bet your mom gives out root access to the world.