-
iPhone 14, iPhone SE Sales in EU to Be Discontinued Due to Upcoming Regulation: Report21 December 2024 -
ChatGPT App for macOS Support Expanded to Apple Notes and Other Third-Party Apps20 December 2024
-
Huawei Surpassed Apple in Wrist-Worn Device Shipments in First Three Quarters of 2024: IDC19 December 2024
-
Apple Close to Winning Indonesian Approval to End iPhone 16 Ban After $1 Billion Investment19 December 2024
-
Apple Partners With Nvidia to Improve Performance Speed of Its AI Models19 December 2024
- Home
- Laptops
- Laptops News
- Apple patches serious 'triple handshake' bug with iOS 7.1.1, OS X updates
Apple patches serious 'triple handshake' bug with iOS 7.1.1, OS X updates
By NDTV Correspondent | Updated: 23 April 2014 21:02 IST
Advertisement
Yet another major security flaw has come to light, and Apple has released updates for its two major operating systems to address it. The HTTP "triple handshake" bug is considered extremely serious because it can be exploited to allow attackers to circumvent encryption on communications which rely on SSL for security.
Ars Technica reports that devices running iOS 7, OS X 10.9.x (Mavericks) and OS X 10.8.x (Mountain Lion) are vulnerable unless they install the latest updates. Apple's release notes for iOS 7.1.1 describe four security-related fixes, including one for the triple handshake bug, known as CVE-1295..
Apple's description doesn't include a severity rating, but describes the potential impact as "An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL."
The bug allows attackers trick a client into sending them credentials by spoofing a connection to another trusted server. The credentials could then be reused with other servers, which would simply accept them without question. Apple's fix now ensures that credentials are verified against the original SSL certificate for each connection.
The update comes hot on the heels of another disclosure by Apple that its AirPort Extreme and AirPort Time Capsule routers were vulnerable to the Heartbleed OpenSSL bug. A patch for those products has also been released.
Apple was also forced to issue emergency OS updates in February this year for a security bug dubbed GoToFail, which tricked Web browsers into accepting SSL certificates without legitimate signatures.
Ars Technica reports that devices running iOS 7, OS X 10.9.x (Mavericks) and OS X 10.8.x (Mountain Lion) are vulnerable unless they install the latest updates. Apple's release notes for iOS 7.1.1 describe four security-related fixes, including one for the triple handshake bug, known as CVE-1295..
Apple's description doesn't include a severity rating, but describes the potential impact as "An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL."
The bug allows attackers trick a client into sending them credentials by spoofing a connection to another trusted server. The credentials could then be reused with other servers, which would simply accept them without question. Apple's fix now ensures that credentials are verified against the original SSL certificate for each connection.
The update comes hot on the heels of another disclosure by Apple that its AirPort Extreme and AirPort Time Capsule routers were vulnerable to the Heartbleed OpenSSL bug. A patch for those products has also been released.
Apple was also forced to issue emergency OS updates in February this year for a security bug dubbed GoToFail, which tricked Web browsers into accepting SSL certificates without legitimate signatures.
Comments
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Related Stories
Advertisement
Follow Us
-
![Gadgets 360 With Technical Guruji: Ask TG [December 21, 2024]](https://www.gadgets360.com/static/desktop/images/spacer.png)
02:16
Gadgets 360 With Technical Guruji: Ask TG [December 21, 2024] -
05:45
Gadgets 360 With Technical Guruji: Audi A6 e-tron -
18:15
Gadgets 360 With Technical Guruji: Vivo X200 Series, Poco M7 Pro and Audi A6 e-tron -
03:46
Gadgets 360 With Technical Guruji: Hands on With the Vivo X200 and Vivo X200 Pro -
01:19
Gadgets 360 With Technical Guruji: Do You Know About the World's Water-Powered Computer?
Popular on Gadgets
- Samsung Galaxy Unpacked 2025
- ChatGPT
- Redmi Note 14 Pro+
- iPhone 16
- Apple Vision Pro
- Oneplus 12
- OnePlus Nord CE 3 Lite 5G
- iPhone 13
- Xiaomi 14 Pro
- Oppo Find N3
- Tecno Spark Go (2023)
- Realme V30
- Best Phones Under 25000
- Samsung Galaxy S24 Series
- Cryptocurrency
- iQoo 12
- Samsung Galaxy S24 Ultra
- Giottus
- Samsung Galaxy Z Flip 5
- Apple 'Scary Fast'
- Housefull 5
- GoPro Hero 12 Black Review
- Invincible Season 2
- JioGlass
- HD Ready TV
- Laptop Under 50000
- Smartwatch Under 10000
- Latest Mobile Phones
- Compare Phones
Latest Gadgets
- Moto G15 Power
- Moto G15
- Realme 14x 5G
- Poco M7 Pro 5G
- Poco C75 5G
- Vivo Y300 (China)
- HMD Arc
- Lava Blaze Duo 5G
- Asus Zenbook S 14
- MacBook Pro 16-inch (M4 Max, 2024)
- Honor Pad V9
- Tecno Megapad 11
- Redmi Watch 5
- Huawei Watch Ultimate Design
- Sony 65 Inches Ultra HD (4K) LED Smart TV (KD-65X74L)
- TCL 55 Inches Ultra HD (4K) LED Smart TV (55C61B)
- Sony PlayStation 5 Pro
- Sony PlayStation 5 Slim Digital Edition
- Blue Star 1.5 Ton 3 Star Inverter Split AC (IC318DNUHC)
- Blue Star 1.5 Ton 3 Star Inverter Split AC (IA318VKU)
- About Us
- Sitemaps
- Feedback
- Archives
- Contact Us
- RSS
- Advertise
- Career
- Privacy Policy
- Ethics
- Editorial Policy
- Terms & Conditions
- Complaint Redressal
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
