“A security flaw discovered in Apple’s iOS and OS X operating systems on Friday still has not been completely fixed and Apple is remaining typically silent on the issue,” Jacqueline Sahagian writes for Wall St. Cheat Sheet.
“It’s a silence that could lead to millions of Apple users being affected by a security hole that can allow a hacker to intercept transactions on sites that are supposed to be secure,” Sahagian writes. “Apple acknowledged the flaw over the weekend and issued updates for iOS 6 and 7, but according to researchers the problem has not been solved, and there’s not yet an update for laptop and desktop computers.”
“The bug affects the secure connections used when accessing bank accounts, emails, shopping online, or any other activity that demands secure encryption. SSL/TLS stands for Secure Socket Layer and Transport Layer Security, which are the technologies used to ensure that you have a secure session in your browser when accessing sensitive information,” Sahagian writes. “‘Goto fail’ compromises that security and makes checking your bank account or making a purchase online risky, especially when using public Wi-Fi… Apple has hardly lifted a finger to notify users at all, which is only leaving the many people who use the company’s products at risk… Apple has been getting some pretty negative attention from the tech press and community due to its handling of the issue, which hopefully could persuade the company to issue some kind of statement or at least notify users that they should perform an update as soon as possible.”
Read more in the full article here.
MacDailyNews Take: Crickets.
Security expert captures all SSL traffic via Apple’s OS X ‘GotoFail’ flaw – February 25, 2014
Apple’s deafening silence on ‘GotoFail’ security flaw – February 24, 2014
8 ways to stay safe online while Apple works to fix ‘Gotofail’ flaw – February 24, 2014
Reasons for delay in SSL fix to OS X unclear as a single line of code found responsible – February 24, 2014
Single line of code, but still no fix; former Apple security engineer Paget to Apple: ‘FIX. YOUR. SHIT.’ – February 24, 2014
Apple promises to fix OS X encryption flaw ‘very soon’ – February 23, 2014
Behind iPhone’s critical ‘GotoFail’ security bug, a single bad, really bad ‘goto’ – February 22, 2014
Protect a Mac from the SSL / TLS security bug (until fix arrives) – February 22, 2014