Huge security issues with Mac OS X and iOS


The security is so bad I advised everyone who is running iOS 6.x to 6.1.5 or 7.x - 7.0.5 to update quickly.

As with Mac OS X 10.9.x I would not recommend using it.

Basically: HTTPS does not work on Mac OS X and iOS < 7.0.6. Your passwords and credit card creds can be intercepted on networks.

The short story:

For over a year HTTPS has been unsecured on iOS 6.0 to 7.0.5. Apple has patched the issue in 6.1.6 and 7.0.6. The bug is not present in 5.1.1. The bug is currently still present in Mac OS X 10.9.x Mavericks and is not yet fixed.

If you are saying, well what is the big deal, the issue has been there for a year, well now it is public knowledge. Your credit card information, passwords, etc, are no longer safe.

I highly recommend everyone update iOS, if it is not on 5.1.1 or lower.

For older devices unable to run iOS 7, your fix is 6.1.6; if you are on iOS 7, your fix is 7.0.6.

Unfortunately, if you hate iOS 7 and you are still on iOS 6.x and your device is iOS 7, you will be forced to update, as you will be unable to download iOS 6.1.6.

If you are on Mac OS X Mavericks, I do not recommend using it at all until a fix is ready, or downgrade to Snow Leopard etc.

Alternatively, a third-party patch for Mac OS X, which I cannot vouch for, is available from i0n1c (though I assume it is safe).

Users can check whether or not their computers are affected by the vulnerability by visiting gotofail.com in Safari.

Long story can be found here:

https://www.imperial...2/applebug.html and http://247wallst.com...-security-flaw/

The good news:

If jailbreaking is your thing, iOS 7.0.6 and iOS 6.1.6 can still be jailbroken.


17 Comments

Does this only affect Safari users or am I safe with Firefox? Or is it the OS alone?
It should not affect Firefox or Chrome. However, the bug is present in applications such as Mail, iMessage, iCal etc.

https://mobile.twitt...een_name=ashk4n

Keep in mind this seems to be only in Mac OS X 10.9.x (and as of today in the latest beta build).
Is it safer not to browse altogether or revert to Snow Leopard as a last resort? Apple has a history of being late in their updates. Should we just wait it out?
It is not just browsing, unfortunately.

But if it were me, I would change to Snow Leopard or something. Or just use Windows via Boot Camp, until a fix comes out.

If I had to use Mavericks, and could not use Boot Camp, I would likely just apply the unofficial patch from @i0n1c. Now, I am sure some people would be paranoid and not want to apply an unofficial patch, and I can understand that.
Thanks, I was wondering if you knew if my mid-2012 MacBook Pro 13in was capable of downgrading to SL (Snow Leopard). It came with Lion 10.7 preinstalled.

Processor  2.9 GHz Intel Core i7
Memory  8 GB 1600 MHz DDR3
Graphics  Intel HD Graphics 4000 1024 MB
Software  OS X 10.9.1 (13B42)
Yeah, you could.

Fix is live for Mavericks now.
Tried downgrading with an old backup copy of SL, and it just says ...

"You can’t use this version of the application “Install Mac OS X.app” with this version of OS X." You have “Install Mac OS X.app” 23.1.

I imagine the old OS doesn't support the newer drivers, since the newer models have them burnt in.

awags0218, on 26 February 2014 - 02:30 AM, said:

"You can’t use this version of the application “Install Mac OS X.app” with this version of OS X." You have “Install Mac OS X.app” 23.1.
Are you using the SL disc? Try booting the SL installer disc by holding the C button at startup. I am sure it will work.
I will give it a try. Thanks for the information "Waves" and "Reboot".
A huge software update went out today from Apple, 850 Mb... to 10.9.2
I haven't had any problems with my computer since I got it. Everything seems to be going well.
Good for you, but the bug still existed. ;)
The bug apparently has been fixed with the latest update

Free 4 Live
Apr 27 2014 09:11 PM
For jailbroken iOS <= 6.1.3:

Add repo: 'http://yangapp.googlecode.com/svn/' (be sure to enter the whole link, and also delete the 'http://' that is already there when adding a new source! {I don't know why, but it won't work any other way})

After that, install "SSL Patch" from that source and you're good to go, and should be safe again!
Apple released a security update for Mavericks; I assume this solves the issues here.
Hmm interesting.
Bug is not present in 10.10 (Yosemite)