[Owasp-ireland] Extremely critical crypto flaw in iOS may also affect fully patched Macs | Ars Technica

Fabio Cerullo fcerullo at owasp.org
Sun Feb 23 21:50:46 UTC 2014


Hi there,

A critical iOS vulnerability that Apple patched on Friday gives attackers
an easy way to surreptitiously circumvent the most widely used technology
for preventing eavesdropping on the Internet.

The flaw (one line of code), causes most iOS and Mac applications to skip a
crucial verification check that's supposed to happen when many transport
layer security (TLS) and secure sockets layer (SSL) connections are being
negotiated.

Full article here:

http://arstechnica.com/security/2014/02/extremely-critical-crypto-flaw-in-ios-may-also-affect-fully-patched-macs/

Regards,

Fabio Cerullo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-ireland/attachments/20140223/efa23722/attachment.html>


More information about the Owasp-ireland mailing list