Apple Fixes Major SSL Bug In OS X, iOS 96
Trailrunner7 writes: "Apple has fixed a serious security flaw present in many versions of both iOS and OS X and could allow an attacker to intercept data on SSL connections. The bug is one of many the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have serious consequences as well, including the ability to bypass memory protections and run arbitrary code. The most severe of the vulnerabilities patched in iOS 7.1.1 and OSX Mountain Lion and Mavericks is an issue with the secure transport component of the operating systems. If an attacker was in a man-in-the-middle position on a user's network, he might be able to intercept supposedly secure traffic or change the connection's properties."
Not a open source issue. (Score:3, Insightful)
Tell me again how this whole issue with SSL is due to the nature of open source and how it's only the commie OpenSSL which can't be trusted...
Seems to me Apple's got a bit of a quality control issue itself.
What's Apple's excuse ?
Re:Not a open source issue. (Score:5, Insightful)
Snow Leopard (Score:3, Insightful)
I have a perfectly good MBP of early 2007 vintage running Snow Leopard which can't be upgraded, and it still does the job I need of it today. I can't bring myself to 'upgrade' to the modern MBP's as I hate the chicklet keyboard, so I'm swinging back to windows laptops (linux+windows) to avoid Apple abandonware in the future.
For all the criticism Microsoft gets, at least they don't abandon semi-old stuff.
Re:Not a open source issue. (Score:3, Insightful)
But the bug probably is heartbleed. They're just not disclosing that they were affected.