The Kernel


Apple Races to Patch Security Flaw

Posted: February 23rd, 2014 | Filed under: Apple, Hack!, Technoid Computer News

Apple says it is about to issue a software update “very soon” to cut off the ability of spies and hackers to grab email, financial data and other sensitive information from Mac computers and mobile devices.

The consumer electronics giant confirmed findings that a major security flaw in its mobile devices – iPhones and iPads – also appears in notebook and desktop machines running OS X.

Apple spokesperson Trudy Muller says “We’re aware of this issue and already have a software fix that will be released very soon.”

Apple released a fix on Friday afternoon for mobile devices running iOS; most devices will update automatically. However, when the fix went live, experts dissected it and found the same fundamental issue in the operating system for Apple’s Macintosh machines.

Apple is apparently racing to push out the fix before intelligence agencies and crooks get to write programs to take advantage of the flaw. Many analysts are questioning the accidental nature of the flaw.
The flaw is so odd that researchers faulted Apple for inadequate testing, many speculating that it had been introduced deliberately, either by a rogue engineer or a spy. Former intelligence operatives said that the best “back doors” often look like mistakes. Apple spokesperson Ms Muller declined to address the theories.

“It’s as bad as you could imagine, that’s all I can say,” Johns Hopkins University cryptography professor Matthew Green said.

Adam Langley, who deals with similar programming issues as a Google engineer, wrote on his personal blog that the flaw might not have shown up without elaborate testing.

“Yesterday, Apple pushed a rather spooky security update for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details. Since the answer is at the top of the Hacker News thread, I guess the cat’s out of the bag already and we’re into the misinformation-quashing stage now,” Mr Langley wrote. “I believe that it’s just a mistake and I feel very bad for whomever might have slipped up.”

[Image: The Apple Bug]

Mr Langley says the bug – above – “Affects iOS from some point prior to 7.0.6 (I confirmed on 7.0.4) and also OS X (confirmed on 10.9.1). It affects anything that uses SecureTransport, which is most software on those platforms although not Chrome and Firefox, which both use NSS for SSL/TLS. However, that doesn’t mean very much if, say, the software update systems on your machine might be using SecureTransport.”

The problem lies in the way the software recognises the digital certificates used by banking sites, Google’s Gmail service, Facebook and others to establish encrypted connections.

A single line in the program and an omitted bracket meant that those certificates were not authenticated at all, so that hackers can impersonate the website being sought and capture all the electronic traffic before passing it along to the real site. In addition to intercepting data, hackers could insert malicious web links in real emails, winning full control of the target computer.
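The kind of mistake described above, as an added illustration (not Apple's source code and not part of the original article): a duplicated `goto fail` with no braces around the `if` body makes the jump unconditional, so the signature check is skipped while the error variable still reads success. The function names and the string comparison standing in for signature verification are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for handshake steps; each returns 0 on success. */
static int hash_step(const char *data) { return data ? 0 : -1; }
static int check_signature(const char *sig, const char *expected) {
    return strcmp(sig, expected) == 0 ? 0 : -1;
}

/* Flawed: without braces, only the first goto belongs to the if. The
 * duplicated line always jumps, so check_signature() is never called
 * and err still holds 0 ("success") from hash_step(). */
int verify_flawed(const char *data, const char *sig, const char *expected) {
    int err;
    if ((err = hash_step(data)) != 0)
        goto fail;
        goto fail;
    if ((err = check_signature(sig, expected)) != 0)
        goto fail;
fail:
    return err;
}

/* Hardened: braces on every branch, and success is recorded only after
 * the last check has passed, so a skipped step fails closed. */
int verify_fixed(const char *data, const char *sig, const char *expected) {
    int ok = 0;
    if (hash_step(data) != 0) {
        goto done;
    }
    if (check_signature(sig, expected) != 0) {
        goto done;
    }
    ok = 1;
done:
    return ok ? 0 : -1;
}

int main(void) {
    /* Constructed inputs: "forged" does not match the expected value. */
    printf("flawed accepts forged: %d\n", verify_flawed("msg", "forged", "genuine") == 0);
    printf("fixed accepts forged:  %d\n", verify_fixed("msg", "forged", "genuine") == 0);
    printf("fixed accepts genuine: %d\n", verify_fixed("msg", "genuine", "genuine") == 0);
    return 0;
}
```

Compiler warnings are designed to catch this pattern: GCC's `-Wmisleading-indentation` (enabled by `-Wall`) and Clang's `-Wunreachable-code` both target code shaped like the flawed function.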

The intruders do need to have access to the victim’s network, either through a relationship with the telecommunications carrier or through a WiFi wireless setup common in public places.

WiFi Vulnerable Until Fix Installed

Industry veterans warned users to avoid unsecured WiFi until the software patch is available and installed. The bug has been present for months, according to researchers who tested earlier versions of Apple’s software.

No-one had publicly reported it before, which means that any knowledge of it was tightly held and that there is a chance it had not been used.

But documents leaked by former US intelligence contractor Edward Snowden showed agents boasting that they could break into any iPhone, and that had not been public knowledge either.

Apple did not say when or how it learned about the flaw in the way iOS and Mac OS handle sessions in what are known as secure sockets layer or transport layer security. Those are shown to users by the website prefix “https” and the symbol of a padlock.





Apple Source Code

source: apple/scribd
source: adam.langley
image source: indeepmedia
