AfterDawn: Tech news

Apple under fire after massive exploits found in iOS, OS X, Safari, Mail, Facetime, iBooks, Apple Update

Written by Andre Yoskowitz @ 23 Feb 2014 23:43

Apple is having a rough week, and fans of its products should be hoping for patches as soon as possible. The company revealed a critical bug in its iOS and Safari data security, and quickly released a patch, iOS 7.0.6. Following that revelation, researchers found the same bug in Mac OS X, and today another researcher says the security holes go much further, extending to nearly all of Apple's services and apps. The bug has been dubbed 'GoToFail' due to a single improperly coded 'goto' statement in Apple's code.

Among the list of vulnerable apps and services are Mail, Twitter, Facetime, iMessage, iBooks and Apple's software update mechanism.

At the heart of the problem is Apple's "'secure transport' framework, the coding library that developers depend on to build programs that securely communicate online using the common encryption protocols TLS and SSL."

Ashkan Soltani, a privacy researcher well known for analyzing documents leaked by Edward Snowden for the Washington Post, released the list of vulnerable apps. The researcher says if someone wanted to, they could "fake that verification [of how Apple authenticates their secure connection with servers] and hijack or corrupt traffic using what's known as a 'man-in-the-middle' attack."

The most disturbing revelation is that Apple's update application is affected. The update application is the mechanism that pushes security patches and more to OS X devices. At worst, malware could be pushed to victims' Macs.



19 user comments

1. 24.2.2014 5:46

Ta-da!

"Security through obscu... huh?"


It's a lot easier being righteous than right.


DSE VZ300-
Zilog Z80 CPU, 32KB RAM (16K+16K cartridge), video processor 6847, 2KB video RAM, 16 colours (text mode), 5.25" FDD

2. 24.2.2014 7:24

Hey, my above comment did not show on the "Latest User Comments" sidebar.... It's an Apple conspiracy-through-obscurity! :P






-------------------------------------------------------------------

This message has been edited since its posting. Latest edit was made on 24 Feb 2014 @ 7:31


3. 24.2.2014 7:52

The bigger they are the harder they fall.


ZX Spectrum 128K

4. 24.2.2014 11:07

Major oversight on Apple's part.

5. 24.2.2014 11:45

"But but but Apple is supposed to be safer and without troubles, viruses or complications"........."That's why I bought a MAC, because they don't have problems"

Isn't this what we've all heard at least once?!?!?!

6. 24.2.2014 12:21

bazinga!

7. 24.2.2014 13:59

No viruses on Mac, right?

Only crippling security exploits.



8. 24.2.2014 15:23

Originally posted by nintenut:
No viruses on Mac, right?

Only crippling security exploits.
That is write absolutely know viruses on eh Mac. Just like that last sentence was all spelled correctly :) Can't wait to see a friend who berated me up and down that Macs never have any security holes and that they never had any viruses...

9. 24.2.2014 17:05

The next Crapple bug could be dubbed 'GoToHell' !?
...and never return !!!

This message has been edited since its posting. Latest edit was made on 24 Feb 2014 @ 18:06

Live Free or Die.
The rule above all the rules is: Survive !
Capitalism: Funnel most of the $$$ to the already rich.

10. 24.2.2014 19:47

No O/S is ever 100% protected from STD's and other crap.

11. 25.2.2014 1:31

Originally posted by hearme0:
"But but but Apple is supposed to be safer and without troubles, viruses or complications"........."That's why I bought a MAC, because they don't have problems"

Isn't this what we've all heard at least once?!?!?!
Too right.

Originally posted by SomeBozo:
Originally posted by nintenut:
No viruses on Mac, right?

Only crippling security exploits.
That is write absolutely know viruses on eh Mac. Just like that last sentence was all spelled correctly :) Can't wait to see a friend who berated me up and down that Macs never have any security holes and that they never had any viruses...

Have fun :)


12. 25.2.2014 21:40

Virus writers don't bother with Mac because why build something to infect 9 percent of the world's computer population when you can hit the other 91 percent just as easily?


13. 25.2.2014 23:53

Originally posted by DVDBack23:
Virus writers don't bother with Mac because why build something to infect 9 percent of the world's computer population when you can hit the other 91 percent just as easily?
"...when you can hit the other 91 percent just as easily?" I would dispute that. I would doubt that ANY virus writer would expect to catch anywhere near that percentage.

If I was a virus writer (and I'm talking in terms of identity theft, trojans, worms etc.) I would jump at the chance to nail a naive unsuspecting whole 9%.

In commercial terms 9% is an ENORMOUS number and would be a wet dream for such types. And iSheeps are usually moneyed. And are we looking at their extremely popular mobile tech too? Judging from the above, indeed yes.


So I guess the article writer above is wrong about Apple being in any trouble... hang on... that's you isn't it? :)



-----------------------------------------------------------------
This message has been edited since its posting. Latest edit was made on 26 Feb 2014 @ 6:52


14. 26.2.2014 0:15

Jemborg, I agree, as that 9% (Apple) doesn't have the vast 3rd party support that the other 90% (Windows) has for anti-virus/malware programs.

15. 26.2.2014 6:52

Yes, and this doesn't count for those that just do it for... fun/because they can/they're malicious/kudos/hey it's Apple!

And it's not like nobody's ever written a virus for Macs either.


I saw this on national newsfeed initially. I don't have a thing against Macs really, though I think they make exaggerated claims and prices. You do what you can get away with I suppose.

This message has been edited since its posting. Latest edit was made on 26 Feb 2014 @ 6:56


16. 26.2.2014 15:48

Originally posted by DVDBack23:
Virus writers don't bother with Mac because why build something to infect 9 percent of the world's computer population when you can hit the other 91 percent just as easily?
For name, fame & just fun.

Besides that, many people are sick and tired of all the over-exaggerated Crapple Monopoly ads everywhere and every day to Corporate gain & exploit more iSheeps.
This message has been edited since its posting. Latest edit was made on 26 Feb 2014 @ 15:58


17. 28.2.2014 20:13

DVDBack23, 9% of the world's computers is a lot of computers. Ignoring them is like not picking up a $10 bill because it isn't a $100. I suspect most Macs are loaded with botnets. Most of the dopes using Apple products aren't going to do anything.

The security patch will only help if the user starts from scratch. Who is going to do that???

Most PC users are too lazy as well. Nobody cares about server-side polymorphic malware. They can't even pronounce it. It is the ultimate malware. No AV scanner can protect against it. A study 2 yrs ago showed the top 5 AV systems failed to stop 80 of the 80 advanced malware. I expect the malware has gotten stealthier since then.

18. 28.2.2014 23:47

Lol...Apple sheep having a tough time...lol. This is why I went with a BBZ10. Stuff like this does not happen with Blackberry; top notch security.

19. 2.3.2014 2:27

Originally posted by kutulu1:
Lol...Apple sheep having a tough time...lol. This is why I went with a BBZ10. Stuff like this does not happen with Blackberry; top notch security.
Heh, we use Puppy Linux with Seamonkey browser for banking and finalising internet transactions.

