Apple working to fix major exploit for both iOS and OSX

A flaw in Apple iOS and OSX operating systems, for mobile and desktop devices, could allow hackers to collect information relayed over secure protocols normally understood to protect the data with industry standard encryption methods. Mistakes in the implementation of session control during SSL transactions, a way to ensure that secure channels remain secure during the entire transmission, could allow attackers to view or modify data as it is exchanged between a user and their email or social media service.

Apple on Saturday said it is working to fix a flaw in OS X that could in some cases allow hackers to intercept communication sent using SSL/TSL security protocols. The same error was patched in an iOS update the company rolled out on Friday. In a statement provided to Reuters, Apple confirmed researcher findings that the same SSL/TSL security flaw fixed with the latest iOS 7.0.2 update is also present in OS X. The Cupertino company said it expects to have a software update ready for release “very soon.” “We are aware of this issue and already have a software fix that will be released very soon,” said Apple spokesperson Trudy Muller. On Friday, Apple quietly pushed out iOS 7.0.2, with accompanying release notes saying the software “provides a fix for SSL connection verification.” 

Read full article