Tuesday, February 25, 2014

Goto Fail: Apple closes security hole in Mac - TIME ONLINE

Apple has now fixed the SSL security hole in its operating system on your Mac. Users can now download a software update.

Apple Goto Fail vulnerability has closed in the Macintosh operating system by its own account. The error had allowed attackers to plug into supposedly secure SSL connections and to read their contents and manipulate. To fix the bug, Mac users need to apply a software update of Mac OS X 10.9.2, which is available now.

The security bug affects the current operating system Mac OS X 10.9 Mavericks. In older Mac OS X versions apparently the mistake was not. Previously, Apple had already released a patch for its mobile devices iPhone and iPad. There had been a similar vulnerability in the SSL system of the mobile operating system iOS.


secure communication over SSL is used for example in online banking or used for payment at online stores and to protect the exchange of data from third parties. So far there is no information as to whether and to what extent the hole is actually exploited.

Is prism of the origin of SSL bugs?

about the origin of the bug is not yet known. The network is suspected, the vulnerability could have something to do with the NSA program Prism. The SSL bug first appeared in iOS 6.0, which was released in late September 2012. In October 2012 Apple has been added, according to a leaked NSA PowerPoint presentation to the Prism program.

Apple expert and blogger John Gruber lists five ways. At best, the NSA has not known about the vulnerability, in the worst case, the gap in agreement with Apple was placed in the source code. Gruber believes that while the NSA knew about the gap and abused her, the bow itself was not a deliberate leak. Google’s SSL expert Adam Lengley writes that he could be so in insufficient Code Review, that is an insufficient manual review of the source code, go back.


No comments:

Post a Comment