Apple to kill off SSL 3.0 notifications due to Poodle vulnerability
A

Apple said Wednesday it will stop supporting the encryption standard Secure Sockets Layer 3.0 for its push notifications service in response to a vulnerability identified earlier this month in the aging protocol. Apple announced on its developer site that it will switch on October 29 from SSL 3.0 to Transport Layer Security (TLS), SSL’s more modern, less vulnerable younger sibling. Disclosed earlier this month, the vulnerability, called Poodle, allows encrypted information to be exposed by an attacker with network access.

Apple will stop support next week for an encryption protocol found to contain a severe vulnerability, the company said on Wednesday. Support for SSL 3.0 will cease as of Oct. 29, it said. “Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected,” according to a note to developers. “Providers that support both TLS and SSL 3.0 will not be affected and require no changes.” Google researchers revealed last week they found a flaw in SSL (Secure Sockets Layer) version 3.0, which was released more than 15 years ago. SSL has been replaced by TLS (Transport Layer Security), but the old versions are still used by some servers across the Internet and are supported by web browsers. The researchers found it was possible using a man-in-the-middle attack—nicknamed “POODLE”—to downgrade the SSL/TLS connection to the less-secure 3.0 version, where the flaw could allow an attacker to steal a person’s authentication cookies. The attacker and victim must be on the same network, posing a risk to people using public Wi-Fi.

NOTE: TECHi Two-Takes are the stories we have chosen from the web along with little bit of our opinion in a paragraph. Please check the original story in the Source Button below.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Interested in TECHi Feed RSS?

Get the latest insights, tips, and updates on revolutionizing your workspace to your inbox.

Popular This Week