Number: IRCNE2014062232
Date: 2014-06-29
According to “techworld”, security researchers revealed late Friday that iOS's validation of SSL encryption had a coding error that bypassed a key validation step in the Web protocol for secure communications. As a result, communications sent over unsecured Wi-Fi hot spots could be intercepted and read while unencrypted, potentially exposing user password, bank data, and other sensitive data to hackers via man-in-the-middle attacks. Secured Wi-Fi networks, such as home and business networks with encryption enabled, are not affected.
Apple released a patch Friday evening, available to al iOS users. iOS users should have already received a notification of the update's availability or have had it automatically installed, depending on their device's iOS version, update settings, and available space for downloading the update.
But on Saturday, several researchers reported that the flaw also affected OS X 10.9 Mavericks and perhaps other OS X versions. Late Saturday, Apple said it had a fix ready for OS X and would release it "very soon."
The update will be available through OS X's Software Update utility, which is set to download security updates automatically by default in recent OS X versions.
- 4