Apple SSL Bug In iOS Also Affects OS X

Apple SSL Bug In iOS Also Affects OS X 140

Posted by timothy on Saturday February 22, 2014 @05:44PM from the sympathetic-reaction dept.

Trailrunner7 writes "The certificate-validation vulnerability that Apple patched in iOS yesterday also affects Mac OS X up to 10.9.1, the current version. Several security researchers analyzed the patch and looked at the code in question in OS X and found that the same error exists there as in iOS. Researcher Adam Langley did an analysis of the vulnerable code in OS X and said that the issue lies in the way that the code handles a pair of failures in a row. The bug affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all, Langley found. Some users are reporting that Apple is rolling out a patch for his vulnerability in OS X, but it has not shown up for all users as yet. Langley has published a test site that will show OS X users whether their machines are vulnerable."

Apple SSL Bug In iOS Also Affects OS X

Search 140 Comments Log In/Create an Account

Comments Filter:

Hmm... (Score:4, Funny)

by 93 Escort Wagon ( 326346 ) writes: on Saturday February 22, 2014 @06:00PM (#46312893)

The researcher who found the bug is Adam Langley. CIA headquarters is in Langley, Virginia.
Coincidence? I think not!

Re:Apple (Score:4, Funny)

by Anonymous Coward writes: on Saturday February 22, 2014 @06:35PM (#46313055)

I bet your mom gives out root access to the world.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Apple SSL Bug In iOS Also Affects OS X 140

Apple SSL Bug In iOS Also Affects OS X More Login

Apple SSL Bug In iOS Also Affects OS X

Hmm... (Score:4, Funny)

Re:Apple (Score:4, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot