iOS/OSX SSL Vulnerability
Apple released a patch for iOS devices on February 21, 2014. This patch fixes an […]
Apple released a patch for iOS devices on February 21, 2014. This patch fixes an SSL vulnerability in the way that the SSL protocol was implemented. The underlying security issue is extremely devastating. It allows a malicious third party to mount a man-in-the-middle attack that would allow them to decipher any SSL-encrypted communication between an iOS device and a web server (note that the flaw also applies to OS X devices as well). The upshot is that the confidentiality of the data being communicated to and from the device is violated, even though the end user thinks everything is OK. In this video, Elastica describes the mechanics of this flaw so that you can better understand its implications. In either case, you should update your devices immediately from a safe location (e.g., avoiding any public hotspots).