Forgot your password?
typodupeerror
OS X Bug IOS Security Apple

Apple SSL Bug In iOS Also Affects OS X 140

Posted by timothy
from the sympathetic-reaction dept.
Trailrunner7 writes "The certificate-validation vulnerability that Apple patched in iOS yesterday also affects Mac OS X up to 10.9.1, the current version. Several security researchers analyzed the patch and looked at the code in question in OS X and found that the same error exists there as in iOS. Researcher Adam Langley did an analysis of the vulnerable code in OS X and said that the issue lies in the way that the code handles a pair of failures in a row. The bug affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all, Langley found. Some users are reporting that Apple is rolling out a patch for his vulnerability in OS X, but it has not shown up for all users as yet. Langley has published a test site that will show OS X users whether their machines are vulnerable."
This discussion has been archived. No new comments can be posted.

Apple SSL Bug In iOS Also Affects OS X

Comments Filter:

If I have seen farther than others, it is because I was standing on the shoulders of giants. -- Isaac Newton

Working...