Apple did not have a good weekend. They just disclosed a flaw in their implementation of SSL and TLS encryption that is essentially as bad as it gets. In their disclosure, they said that “the software failed to validate the authenticity of the connection.” This vulnerability is a “fundamental bug in Apple’s SSL implementation” that essentially opens up iOS encrypted email and browser communications to anyone on the same Wi-Fi network. We are talking about a full man-in-the-middle attack for all of Apple’s main products.
Without the patch Apple released this weekend, anyone at Starbucks could read your emails and encrypted web communication. Talk about rock-solid, business-ready security. I am just wondering how Apple learned about the vulnerability… Either way, I HIGHLY recommend you tell all your friends on iOS to upgrade ASAP. Security researchers have confirmed that the flaw also exists on OS X, and a patch will probably be coming soon!
via Reuters. Thanks Maulik for the tip!