"The question is not whether we will be extremists, but what kind of extremists we will be. . . The nation and the world are in dire need of creative extremists." -- Martin Luther King Jr.
ALERT: Security Advisory - Apple SSL/TLS Man-in-Middle Attack
Published by: Kage, on 03:02 am Monday February 24th, 2014 - Source:
TL;DR
If your iPhone is running iOS 7.0.5 or earlier, you are vulnerable to an SSL/TLS Man-in-the-Middle attack and you should update your iPhone immediately. OS X is also vulnerable, but no update exists yet.
Not-so-TL;DR
On Friday, February 21st, 2014, Apple quietly released iOS patch 7.0.6, fixing a "SSL/TLS vulnerability" that was grossly overlooked. When the flaw was announced, many security experts aware of the details of the flaw had originally refused to even hint as to what the real attack was, for fear of setting loose a mass of possible attacks on as-yet-unpatched iPhones. The flaw has now been confirmed, resulting from an out-of-scope "goto" statement. Yes, apparently they still use "goto" statements at Apple.
You can test if you have the bug by loading this page on your iPhone. If this page says you are vulnerable to the SSL/TLS flaw, you should update your iPhone immediately.
It has also been confirmed this flaw is present on OS X. No OS X update is available yet.
HackThisSite is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.