password_hacking

Milagli / Shutterstock

Security


If you stopped using the Safari browser while patiently awaiting Apple’s OS X patch for the “Gotofail” security vulnerability publicized over the weekend, that’s smart.

Now strongly consider giving up Apple’s Calendar, FaceTime, Keynote, iBooks and Mail apps, as well as the Twitter Mac desktop client.

According to respected security researcher Ashkan Soltani, all of those products appear vulnerable to the same avenue of attack.

This is not a minor bug, as other reporters and security researchers have stressed.

An attacker could exploit the flaw to bypass the standard “SSL/TLS” security verification between devices and servers, enabling what’s known as a “man-in-the-middle attack.” Using this approach, a lurker can intercept the data flowing between your computer and a network connection, notably including a Wi-Fi signal in your neighborhood coffee shop.

Apple fixed the Gotofail fail for its mobile operating system on Friday, but has yet to issue an update for its desktop software. The company said Saturday that another patch would come “very soon,” but as of late afternoon Sunday it had yet to arrive.




1 comments
bobsulli
bobsulli

Has Apple ever issued a security update over a weekend? If the OS/X update is not here by late Monday or early Tuesday, then I'll be up on the soapbox with you.

Follow

Get every new post delivered to your Inbox.

Join 308,797 other followers