“Apple’s ‘Gotofail’ bug is a big deal because customers were exposed to risk for a long time,” Jonny Evans writes for Computerworld. “The only positive of this appalling oversight is that it illustrates why users of any platform should embrace the following security tips.”
“Apple released security updates for iOS 7 and iOS 6 last Friday following its discovery that: ‘An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,'” Evans writes. “What this means is that when you’ve been sending emails, checking your bank account or using most any online service on a shared network than an attacker can monitor what you do and find ways to steal or subvert your data.”
“The problem doesn’t affect iOS 5 devices, but OS X is affected, with Apple promising a fix ‘very soon,'” Evans writes. “It’s an appalling oversight (is it an oversight?), but even a big threat like this need not be a huge problem to Mac or iOS device users who follow these simple security tips.”
Read more in the full article here.
Related articles:
Reasons for delay in SSL fix to OS X unclear as a single line of code found responsible – February 24, 2014
Single line of code, but still no fix; former Apple security engineer Paget to Apple: ‘FIX. YOUR. SHIT.’ – February 24, 2014
Apple promises to fix OS X encryption flaw ‘very soon’ – February 23, 2014
Behind iPhone’s critical ‘GotoFail’ security bug, a single bad, really bad ‘goto’ – February 22, 2014
Protect a Mac from the SSL / TLS security bug (until fix arrives) – February 22, 2014