Apple has admitted a bug in Mac OS X 10.9.1 could allow hackers to intercept and decrypt users' SSL-encrypted connections – and has vowed to release a fix "very soon."
The Cupertino giant issued updates for versions 7 and 6 of its mobile operating system iOS on Friday to address the same flaw in iDevices.
But it quickly became apparent that the vulnerability also exists in desktop and laptop computers running Mac OS X Mavericks, the latest public release of Apple's desktop OS.
The security hole was created by a trivial programming cock-up, which causes Apple's SSL/TLS library to skip over vital verification checks of a server's authenticity when establishing a connection.
No comments:
Post a Comment