Become a fan of Slashdot on Facebook


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Iphone Security Apple

Sniffer Hijacks SSL Traffic From Unpatched IPhones 94

Posted by samzenpus
from the patch-your-phone dept.
CWmike writes "Almost anyone can snoop the secure data traffic of unpatched iPhones and iPads using a recently-revised nine-year-old tool, a researcher said as he urged owners to apply Apple's latest iOS fix. If iOS devices aren't patched, attackers can easily intercept and decrypt secure traffic — the kind guarded by SSL, which is used by banks, e-tailers and other sites — at a public Wi-Fi hotspot, said Chet Wisniewski, a security researcher with Sophos. 'This is a nine-year-old bug that Moxie Marlinspike disclosed in 2002,' Wisniewski told Computerworld on Wednesday. On Monday, Marlinspike released an easier-to-use revision of his long-available 'sslsniff' traffic sniffing tool. 'My mother could actually use this,' he said."
This discussion has been archived. No new comments can be posted.

Sniffer Hijacks SSL Traffic From Unpatched IPhones

Comments Filter:
  • Breaks Jailbreak (Score:4, Insightful)

    by tecker (793737) on Thursday July 28, 2011 @12:11PM (#36909496) Homepage
    Problem is that applying this update for something that is not likely exploited in the wild will hose your Unteathered Jailbreak. Reports on twitter are that redsn0w pointed at 4.3.4 (or 4.2.9) will work for getting a tethered Jailbreak. Many jailbreakers likely wont bother.

    Wonder if someone will patch this like they did the PDF exploit and put it on Cydia.
  • by spinkham (56603) on Thursday July 28, 2011 @12:52PM (#36910088)

    iPod touch 2g also.

    It was still being sold as the 8 gig version less than 3 months before the announced last software update.

    The 3g 8gig was being sold around 6 months before the last announced software update.

    I understand not getting feature updates, but why can't we get security updates for a device apple was still selling a year ago?

Is your job running? You'd better go catch it!