Apple's recent security patch for iOS is a lot more critical for users of iPhone, iPad, and iPod Touch devices to install than was initially suspected, according to Chester Wisniewski, a Sophos senior security advisor.
Apple's mobile operating system is vulnerable to an updated version of a tool called sslsniff, that "allows users to easily perform man-in-the-middle attacks against SSL/TLS connections," Wisniewski wrote Wednesday on Sophos' NakedSecurity blog.
What's more the new version of sslsniff can apparently "identify vulnerable Apple devices and allows anyone to snoop on secure communications."
"This patch should be applied immediately if you log in to any service on your device, especially things like your bank or PayPal," Wisniewski writes. "Users are particularly vulnerable to this attack if they frequently use public/open WiFi."
The vulnerability is present in iOS versions 4.3.4, 4.2.9, 5.0b, and earlier. Unfortunately for users of Apple devices even just a couple of generations old, there is no fix, according to Wisniewski.
"If you are using an iPod Touch generation one or two, or an iPhone older than the 3GS, you will be perpetually vulnerable," he writes. "Owners of these devices should not use them for any purpose for which security or privacy is required."
And like a number of recently identified security vulnerabilities in Apple's Mac OS X operating system, the latest iOS vulnerability has a documented history—as a flaw originally seen in Microsoft software.
"Oddly the flaw in iOS was a widespread flaw in WebKit and Microsoft's CryptoAPI nine years ago," Wisniewski writes. "It allows any valid certificate purchased from a Certificate Authority to sign any other certificate, which the client device will then consider valid.
"This allows anyone who can capture traffic from your iPhone, iPad or iPod Touch with man-in-the-middle techniques to intercept and read any and all encrypted SSL traffic silently and without notification to the user."
Security researchers at Recurity Labs have created a website, https://issl.recurity.com, which iOS users can surf to with their devices to see if they are vulnerable. Tests by Betanews on a variety of iOS devices not using the most current version of iOS verified that the site is a reliable method for testing.
-News Source (NakedSecurity)
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
mac-os
,
vulnerablity