Yesterday Apple Fixed A Bug In iOS 7. It’s A Doozy

BY: JONATHAN SHIEBER

1B-Apple-scheme

Yesterday Apple announced a fix to a security bug in its iOS 7 system. Today Web security experts have parsed the patch to figure out what exactly the problem was… And apparently it’s a doozy.

Wired has all of the gory details:

“[The] terse description in Apple’s announcement yesterday had some of the internet’s top crypto experts wondering aloud about the exact nature of the bug. Then, as they began learning the details privately, they retreated into what might be described as stunned silence. “Ok, I know what the Apple bug is,” tweeted Matthew Green, a cryptography professor at Johns Hopkins. “And it is bad. Really bad.”

The culprit of what may be one of Apple’s biggest security snafus is an extra “goto” in one part of the authentication code, Wired reported. That spurious line of code bypasses the rest of the authentication protocols.

The bug could could allow hackers to intercept email and other communications that are meant to be encrypted, according to a Reuters report which was issued late on Friday night.

Meanwhile, ZDNet notes that macs may have been left vulnerable.

As ZDNet’s contributing editor Larry Seltzer wrote:

Make no mistake about it, this is a very serious bug. The bug makes it fairly straightforward to intercept and decrypt SSL/TLS communications, probably the most important security protocol there is today.

Advertisements

** COMMENT HERE ** no need to put your email address in just put your comment and name or leave name field blank to stay anonymous

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s