Apple confirms OS X contains same security flaw we saw patched in iOS on Friday, fix on its way

14.02.22-CVE

In a statement provided to Reuters, Apple indeed confirmed findings that the same security flaw fixed with the latest iOS update is also present in OS X. Apple said that they expect to have a software update ready for release “very soon”.

“We are aware of this issue and already have a software fix that will be released very soon,” said Apple spokesperson Trudy Muller.

On Friday, Apple quietly pushed out iOS 7.0.6, with the accompanying release notes saying that the software “provides a fix for SSL connection verification.” A support document issued alongside the update read:

iOS 7.0.6

Data Security

Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

 

Last Updated on

Tags: