Posted 23 February 2014 - 09:02 PM
- RickRotate'd.
-
-
Posts:
2223
-
Joined:
11-January 03
-
Gender:Male
-
Location:USA
-
Project:Gens/GS
-
Wiki edits:158
9001
A massive security hole was found in iOS (6.1/7.0) and Mac OS X (10.9) that results in certain fraudulent SSL certificates to be accepted as valid by Apple's SSL library.
This bug has been fixed in iOS 6.1.6 and 7.0.6 - if you have an iDevice,
GET THE UPDATE NOW.
This bug has not been fixed in Mac OS X 10.9 yet. If using 10.9 or 10.9.1, use Chrome or Firefox instead of Safari. Note that this bug also affects other Apple software that uses the SecureTransport library, including Mail.app.
UPDATE [2014/02/25]:
Mac OS X 10.9.2 is out, and it fixes the vulnerability. Get it now if you're using 10.9 or 10.9.1.
Mac OS X 10.8.x and earlier is not affected. The vulnerability was introduced when Apple switched from OpenSSL to their own SSL library.
To check if your system is vulnerable, go to
https://gotofail.com/ .
This post has been edited by GerbilSoft: 25 February 2014 - 02:06 PM
Reason for edit: 10.9.2 is out.
Posted 23 February 2014 - 09:13 PM
- FML and FU2
-
-
Posts:
7627
-
Joined:
27-April 08
-
Gender:Male
-
Location:Not where I want to be.
-
Project:Sonic (?): Coming summer of 2055...?
01
I had a customer try to talk me out of updating their iPhone the other day. I should've let him.
Posted 23 February 2014 - 09:13 PM
- Emerald Hunter
-
-
Posts:
831
-
Joined:
11-October 10
-
Gender:Male
-
Location:Brasil
-
Project:Sonic Classic Heroes; Sonic 2 Special Stage Editor; Sonic 3&K Heroes (on hold)
-
Wiki edits:12
31
I would advise caution about the upgrade -- it is critical and should be done, but there have been several reports of bricking caused by the upgrade (see
here, or
alternate). Go in with both eyes open, as the level of fail in Apple's part does not seem to be restricted to only the security flaw.
Posted 23 February 2014 - 09:33 PM
- FML and FU2
-
-
Posts:
7627
-
Joined:
27-April 08
-
Gender:Male
-
Location:Not where I want to be.
-
Project:Sonic (?): Coming summer of 2055...?
01
I doubly should've let him.
Posted 24 February 2014 - 05:05 PM
- Cat-herder
-
-
Posts:
14494
-
Joined:
12-January 03
-
Gender:Male
-
Location:Berkshire, England
-
Project:VGDB
-
Wiki edits:3,204
03
Conspiracy theories are flying around of course, that this bug was deliberately snuck in under orders of the NSA. Then though there's the OTHER theory that this is being released now because there's one just been placed in the new update and this will force everyone to upgrade. The thing about it of course is that because of the complete removal of any trust the agency may once have had, there is absolutely no way to know if either of these are true.
Posted 24 February 2014 - 05:05 PM
- roxoring your soxors
-
-
Posts:
3147
-
Joined:
11-January 03
-
Gender:Male
-
Location:wouldn't you like to know
-
Project:MDEM - Genesis programming stufz
-
Wiki edits:3
00
Ryan Petrich also released a Substrate tweak for those who are jailbroken and don't want to suffer a restore cycle.
Posted 25 February 2014 - 02:06 PM
- RickRotate'd.
-
-
Posts:
2223
-
Joined:
11-January 03
-
Gender:Male
-
Location:USA
-
Project:Gens/GS
-
Wiki edits:158
9001
Mac OS X 10.9.2 is out, and it fixes the exploit.
GET IT NOW if you're using Mac OS X 10.9!
EDIT: Looks like 10.7 and 10.8 are also affected. I don't see any updates for them on the Apple support website, though...
This post has been edited by GerbilSoft: 25 February 2014 - 02:17 PM
Reason for edit: 10.7 and 10.8 too!
Posted 23 February 2014 - 09:02 PM
9001
