What you need to know about Apple’s SSL bug
Update: Apple has released 10.9.2, which patches the SSL vulnerability discussed in this article.
News of a serious vulnerability within Apple’s implementation of a key encryption technology has been making the rounds this weekend. Read on to find out more about what the flaw is, and how it affects you.
Okay, so how did we find out about this?
On Friday, Apple issued what seemed at first to be a run-of-the-mill security update. According to the update’s initial documentation, the patch was supposed to “provide a fix for SSL connection verification.” But when Apple posted the patch’s security information to its website, the company revealed that the fix was for something quite serious: Without the patch, “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” That was hardly run-of-the-mill.
To read this article in full or to leave a comment, please click here