Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Fixes Major SSL Bug In OS X, iOS

Posted by Soulskill on from the more-broken-security-stuff dept.

Trailrunner7 writes: "Apple has fixed a serious security flaw present in many versions of both iOS and OS X and could allow an attacker to intercept data on SSL connections. The bug is one of many the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have serious consequences as well, including the ability to bypass memory protections and run arbitrary code. The most severe of the vulnerabilities patched in iOS 7.1.1 and OSX Mountain Lion and Mavericks is an issue with the secure transport component of the operating systems. If an attacker was in a man-in-the-middle position on a user's network, he might be able to intercept supposedly secure traffic or change the connection's properties."

2 of 96 comments (clear)

  1. Re:Not a open source issue. by buchner.johannes · · Score: 5, Informative

    It's a MITM attack. Heartbleed is not MITM.

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  2. Re:Snow Leopard by jo_ham · · Score: 4, Informative

    An "early 2007 vintage" MBP can run Lion.

    If your machine is stuck on 10.6 then it's not "early 2007" but "early 2006".

    The youngest macbook pro that can't run anything later than 10.6 is the Early 2006 with the Core Duo CPU and 2GB RAM.

    Yeah, really "abandonware" there. *eyeroll*