Apple SSL Vulnerability: 6 FactsApple SSL Vulnerability: 6 Facts
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates
February 25, 2014
The SSL vulnerability that affects iOS devices, as well as desktops and laptops that run the Apple OS X operating system, is easy to exploit and likely already being actively targeted by attackers.
So said New Zealand security researcher Aldo Cortesi, who reported Tuesday that he successfully adapted a free man-in-the-middle proxy tool called mitmproxy -- which is designed to intercept, modify, and replay HTTP and HTTP traffic -- to exploit the SSL flaw.
"I've confirmed full transparent interception of HTTPS traffic on both iOS (prior to 7.0.6) and OS X Mavericks. Nearly all encrypted traffic, including usernames, passwords, and even Apple app updates can be captured," according to a blog post from Cortesi, who promised to not release his SSL-attack tweaks for mitmproxy until after Apple releases an OS X patch.
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks