Plus: iThings and desktops at risk of NEW SSL attack flaw
By Shaun Nichols, 22 Apr 2014

Apple has released updates to its iOS and OS X operating systems that address serious security flaws. The company said the iOS 7.1.1 upgrade will include, as well as some stability updates, fixes for 19 security flaws.
One of those vulnerabilities is a "triple handshake" error in iOS SecureTransport – which is part of the OS that provides SSL/TLS encryption for stuff sent across the internet. The flaw, which also affects OS X 10.8.5 and 10.9.2, effectively allows a network snooper to maliciously inject data into a supposedly secure connection.
According to Apple, the bug allows an eavesdropper "to establish two [ssl] connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other".
Also fixed were a flaw in IOKit that leaked kernel pointers – handy for jailbreaking tools – and a possible login cookie disclosure flaw in the iOS HTTPProtocol component. According to Apple: "Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie."
No comment...as I am not an Apple fan or user...LOL!
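The Set-Cookie truncation issue quoted in the article, as an added example that is not part of the original post and is not Apple's code: a lenient header parser accepts a cookie from a line that never received its terminating CRLF, while a strict one discards the incomplete line. The function names and the sample response are constructed for illustration.

```python
# Constructed sample response; the cookie name and value are made up.
FULL = (b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: text/html\r\n"
        b"Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n"
        b"\r\n")
# Same response with the connection closed before the security
# attributes (and the end of the header line) arrived.
TRUNCATED = FULL[:FULL.index(b"; Secure")]


def _cookie_from_line(line):
    """Parse one header line; return a cookie dict or None."""
    name, _, value = line.partition(b":")
    if name.strip().lower() != b"set-cookie":
        return None
    parts = [p.strip() for p in value.split(b";")]
    key, _, val = parts[0].partition(b"=")
    flags = {p.lower() for p in parts[1:]}
    return {"name": key.decode(), "value": val.decode(),
            "secure": b"secure" in flags,
            "httponly": b"httponly" in flags}


def parse_lenient(data):
    """Behaviour the advisory describes: every line is processed,
    including a trailing fragment that was never terminated."""
    lines = data.split(b"\r\n")[1:]          # skip the status line
    return [c for c in map(_cookie_from_line, lines) if c]


def parse_strict(data):
    """Process only header lines whose CRLF terminator was received."""
    head, sep, _ = data.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not sep:
        # Header block never finished: the last element is a fragment
        # with no CRLF after it, so it is dropped.
        lines = lines[:-1]
    return [c for c in map(_cookie_from_line, lines[1:]) if c]


if __name__ == "__main__":
    print("lenient:", parse_lenient(TRUNCATED))
    print("strict: ", parse_strict(TRUNCATED))
    print("full:   ", parse_strict(FULL))
```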