Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Apple says security flaw could allow hackers to beat iPhone encryption
Yahoo Finance ^

Posted on 02/21/2014 5:51:18 PM PST by Red in Blue PA

SAN FRANCISCO (Reuters) - A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said in a Friday afternoon announcement.

If attackers have access to a user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook, experts said.

"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green.

(Excerpt) Read more at finance.yahoo.com ...


TOPICS: News/Current Events
KEYWORDS: apple; iphone
Navigation: use the links below to view more comments.
first previous 1-2021-4041-52 next last
To: conservatism_IS_compassion; Swordmaker
> whenever I click on a link, it doesn't automatically switch to the tab I want to view

There's a setting for that:

Firefox Menu -> Preferences -> Tabs -> check: "When I open a link in a new tab, switch to it immediately"

21 posted on 02/24/2014 12:44:06 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: for-q-clinton; Swordmaker
> Can’t be true. Swordmaker said only Microsoft has weak stuff like this.

Geez, for-q. Please stop being such an ass and misquoting Swordmaker. He never has said any such thing.

> Hell Microsoft hasn’t had a screw up this bad in over a decade.

You been asleep for a decade? That's not even a good joke, it's just false.

Hate to say it, for-q, but your slurs have become really, really boring and your inaccurate comments sound stupider with every retort. Since you're probably not actually stupid, why not try sounding more intelligent, and discuss the problem that way? It's easy:

- Apple screwed the pooch on some SSL cert checking code, opening up a vulnerability.

- They were able to roll out a fix for iOS devices very rapidly, and did so.

- The fix for OS-X (I assume actually for Safari) will take a little longer, perhaps because of the greater testing required in the much wider environment of OS-X (iOS is a fairly tightly controlled embedded environment).

You don't want to compare that error and response to numerous MS security screwups of the last decade, or MS's typical response time, trust me. Everybody screws up from time to time, and this one, while potentially serious, is nothing like the worst of the bunch.

Seriously, for-q. Get a grip. You're embarrassing yourself. Have a great evening.

22 posted on 02/24/2014 1:02:08 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Red in Blue PA
Apple says security flaw could allow hackers to beat iPhone encryption

Bet you one dollar that 'flaw' was designed and provided by the NSA, and Apple dutifully installed it.

23 posted on 02/24/2014 1:02:25 AM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: RetiredTexasVet

Bingo.


24 posted on 02/24/2014 1:02:48 AM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Red in Blue PA; Swordmaker
> I thought I heard from Apple drones that this stuff cannot happen on Apple products.

You thought and heard wrong. Only the Apple haters say that bogus crap. Apple fans are often over-amped but they're generally not delusional, and they know that everybody makes mistakes, including Apple.

It cracks me up no end, that the folks who spend the most time spreading the story that Apple products are flawless are the very ones who hate Apple. You'd think they'd have learned by now, but apparently not. You're increasing Apple's profit margin every time you spout that silliness. (Not that I care, I don't own stock in any of these damn tech companies.)

25 posted on 02/24/2014 1:11:59 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lazamataz
> Bet you one dollar that 'flaw' was designed and provided by the NSA, and Apple dutifully installed it.

I doubt it. I saw an article with what claimed to be the flawed code, and it was way too obvious -- looked to me like a copy/paste error with a conditional line repeated, resulting in a few lines of code that would never be executed.

What's really embarrassing for Apple is that even the simplest of static analysis code checks should have pointed that right out. And that means either a) what I saw wasn't the real error, or b) Apple doesn't use static code analysis. The latter is a mistake of significant magnitude.

26 posted on 02/24/2014 1:16:18 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: dayglored

Thanks.


27 posted on 02/24/2014 2:45:27 AM PST by conservatism_IS_compassion ("Liberalism” is a conspiracy against the public by wire-service journalism.)
[ Post Reply | Private Reply | To 21 | View Replies]

To: for-q-clinton
"Please tell me this can’t be true. Hell Microsoft hasn’t had a screw up this bad in over a decade."

Microsoft has its share, but the worst one right now is Adobe Flash, a far worse vulnerability than this. Take a look at the top three on this page (from 2/21):

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
That's a very serious problem affecting Windows, MacOS and Linux - allowing a root kit to be installed without you doing anything, and without any visible sign. I strongly suggest installing ClickToFlash or something similar at least.

This Apple flaw is only a problem if you're on a public, unsecured network. If you're on a secure hotspot, or connected to a wired network (as I am at the moment), there's no vulnerability. At any rate, I'm sure Apple will roll out a MacOS fix quickly - it should be an easy one at least.

28 posted on 02/24/2014 5:28:21 AM PST by PreciousLiberty
[ Post Reply | Private Reply | To 12 | View Replies]

To: PreciousLiberty

Does using a VPN in a public place help mitigate this?


29 posted on 02/24/2014 6:12:46 AM PST by aMorePerfectUnion
[ Post Reply | Private Reply | To 28 | View Replies]

To: Swordmaker

In the meantime...

http://osxdaily.com/2014/02/22/protect-mac-ssl-tls-security-bug/


30 posted on 02/24/2014 7:42:45 AM PST by aMorePerfectUnion
[ Post Reply | Private Reply | To 19 | View Replies]

To: dayglored

Actually, you are wrong.

I know of several Apple fanboys who claim Apple products are not vulnerable to viruses yada yada yada. Over the years, I have known many of them, and they were all Apple fans, contrary to your claims.


31 posted on 02/24/2014 5:42:15 PM PST by Red in Blue PA (When Injustice becomes Law, Resistance Becomes Duty.-Thomas Jefferson)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Red in Blue PA
> Actually, you are wrong. I know of several Apple fanboys who claim Apple products are not vulnerable to viruses yada yada yada. Over the years, I have known many of them, and they were all Apple fans, contrary to your claims.

Well, we have to be careful about our terms.

There are lots of malware types that are erroneously called viruses -- Trojans, email scams, phishing scams, keyloggers, etc. etc.

A true virus is self-sustaining, self-replicating malware that attacks the OS, inserts itself somewhere, does stuff, and then spreads itself without human help. That's what a computer virus is.

There are no "true viruses" in the wild for OS-X. There are a few laboratory curiosities, and there have been claims, but they always turn out to be something else that needs a human to download or install or replicate.

There certainly are a good number of human-vectored non-virus malwares that attack folks using OS-X. Call them something else, but they're not really viruses. It's a specific technical term, when used correctly. Do you call your car's engine a "wheel"? Okay, so don't call other types of malware a "virus".

Let's agree on this -- Apple fanboys got way too cocky years ago and some of that crap talk hasn't died out, so there probably are some die-hards who spout nonsense. There are some of those in every camp, why not in Apple's camp too.

But although they would be full of shit if they were saying Apple products are not vulnerable to malware -- that's clearly false -- they would be ALMOST correct if they are being specific about true viruses, because no one has built a successful one yet.

Why "almost"? Because it's always possible somebody will. So to claim invulnerability into the future is silly, and they shouldn't do it.

32 posted on 02/24/2014 6:01:29 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Swordmaker
Hi Swordmaker,

You can tell folks that OS-X Mavericks 10.9.2 is released for update, containing the fix.

Earlier releases of OS-X (Mountain Lion 10.8 and earlier) were not affected by the flaw and do not require update.

Looks like this tempest is over. The techblog headline writers who jizz in their pants while writing "Apple" and "Security Flaw" in the same line can now go back to writing about Windows XP's imminent death, waiting for the next batch of Windows Updates, or whatever they do in normal life.

33 posted on 02/25/2014 1:39:15 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: dayglored; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; ..
ok. Apple has released the patch for OSX Mavericks that fixes the security problem. This hit ONLY Mavericks users... no other OSX users. So, Mavericks users, hit the Black Apple menu and software update...—PING!


Apple Security update for Mavericks Users Ping!

Please, No Flame Wars!
Discuss technical issues, software, and hardware.
Don't attack people!
Don't respond to the Anti-Apple Thread Trolls!
PLEASE IGNORE THEM!!!

If you want on or off the Mac Ping List, Freepmail me.

34 posted on 02/25/2014 1:59:40 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 33 | View Replies]

To: dayglored; for-q-clinton; Swordmaker
> Hell Microsoft hasn’t had a screw up this bad in over a decade.

You been asleep for a decade? That's not even a good joke, it's just false.


Complete Microsoft EMET Bypass Developed

I figure that's in the same league, and conviniently enough, appears to have been announced yesterday.

 

35 posted on 02/25/2014 3:12:21 PM PST by zeugma (Is it evil of me to teach my bird to say "here kitty, kitty"?)
[ Post Reply | Private Reply | To 22 | View Replies]

To: dayglored

Rapidly...this big is over 1 year old!!!! Lmao.


36 posted on 02/25/2014 3:47:17 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 22 | View Replies]

To: dayglored

Nope applebots have repeatedly told that lie for over 10 years.


37 posted on 02/25/2014 3:48:33 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 25 | View Replies]

To: dayglored

By that definition when was the last virus on a supported windows platform? Oh there are none!


38 posted on 02/25/2014 3:50:40 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 32 | View Replies]

To: zeugma

I must be missing the point what’s the vulnerability in the OS that’s similar to ios and OSX bug?


39 posted on 02/25/2014 3:52:44 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 35 | View Replies]

To: Swordmaker

Thanks Swordmaker.


40 posted on 02/25/2014 4:17:04 PM PST by SunkenCiv (http://www.freerepublic.com/~mestamachine/)
[ Post Reply | Private Reply | To 34 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-52 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson