What is causing the iOS vulnerablity

A simple mistake found in Apple’s source code seems to be causing all the fuss with Apple’s OS. Macbook, Airs, ipads, iPhones but and other Apple devices. However simple it is, this small mistake makes Apple computers vulnerable to eavesdropping and spying. It breaks SSL encryption and just basically allows anyone to see your data.

iphone

The FIX is to update your system to iOS 7.0.6 ASAP

Good news is there is a fix. The bad news is that the fix is not available for devices that run on OSX (macbooks, air, and etc.).

So if you aren’t able to update your system, avoid any public internet access or use third party browsers such as Firefox or Google Chrome. Better yet, don’t use the computer at all!

Anyway, here is the piece of source code that caused all the problems:

static OSStatus SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen) { OSStatus err; … if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail; … fail: SSLFreeBuffer(&signedHashes); SSLFreeBuffer(&hashCtx); return err; }

The red highlighted area is the bug.

That simple duplicate is the line gotofail; that basically causes the app to kill the verification and render SSL/TSL useless. And if you think you don’t use SSL, think again! Everybody who uses email, contact forms, online bank accounts use SSL! So in hindsight, this is a serious issue!

{loadposition googleads1}

Stuff like this happens but it is very rare especially with large tech companies that have a shit load of editors. As with the programmer who wrote this stuff, I would advise to back off on the caffeine and get more sleep; it seems that the sleep is lacking! (totally my theory on how this happened!)

Sleep does wonders in preventing simple mistakes and to your health!

Source:
http://gizmodo.com/why-apples-huge-security-flaw-is-so-scary-1529041062

*I use affiliate links at no cost to you. If you choose to make a purchase through my link I make a small commission. Thank you for trusting my recommendations!

Leave a Comment