Apple Security Protocol Breach [UPDATED]

posted Feb 25, 2014, 11:54 AM by Shawn Kohrman   [ updated Feb 25, 2014, 12:26 PM ]
Background
There is a flaw in Apple’s iOs and OS X platforms that essentially allows a hacker to get in between the initial verification “handshake” connection between the user and the destination server, enabling the adversary to masquerade as a trusted endpoint. This means the connection which is supposed to be encrypted between you and your bank, email server, healthcare provider and more is open to attack.

Recommendations
  1. Update your Apple devices and systems as soon as possible to the latest available versions. 
  2. Do not use untrusted networks (especially WiFi) while traveling, until you can update the devices from a trusted network.
  3. On unpatched mobile and laptop devices, set “Ask to Join Networks” setting to OFF, which will prevent them from showing prompts to connect to untrusted networks
Update
Apple has released an software update for Mac laptops and desktops.













Sources
Comments