Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Apple says security flaw could allow hackers to beat iPhone encryption
Yahoo Finance ^

Posted on 02/21/2014 5:51:18 PM PST by Red in Blue PA

SAN FRANCISCO (Reuters) - A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said in a Friday afternoon announcement.

If attackers have access to a user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook, experts said.

"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green.

(Excerpt) Read more at finance.yahoo.com ...


TOPICS: News/Current Events
KEYWORDS: apple; iphone
Navigation: use the links below to view more comments.
first 1-5051-52 next last
I thought I heard from Apple drones that this stuff cannot happen on Apple products.
1 posted on 02/21/2014 5:51:18 PM PST by Red in Blue PA
[ Post Reply | Private Reply | View Replies]

To: Red in Blue PA

Yeah thank goodness it’s not crap like from Microsoft.....Oh wait.


2 posted on 02/21/2014 6:00:51 PM PST by Mastador1 (I'll take a bad dog over a good politician any day!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red in Blue PA

http://www.tuaw.com/2014/02/21/apple-issues-ios-7-0-6-6-1-6-security-updates/

The iOS 7.0.6 update appears to be available for all iPhones, iPods, and iPads running iOS 7. In addition, Ars Technica writes that iOS 6.1.6 has also been patched to address the SSL vulnerability. TUAW highly recommends that you install the appropriate update on your iOS devices as soon as possible.


3 posted on 02/21/2014 6:01:58 PM PST by HangnJudge
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red in Blue PA

Apple right now reminds Me of Disney after Walt died. they seem to be losing their way without the boss up front. Just an observation.

CC


4 posted on 02/21/2014 6:09:52 PM PST by Celtic Conservative (tease not the dragon for thou art crunchy when roasted and taste good with ketchup)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red in Blue PA

Oops


5 posted on 02/21/2014 6:14:52 PM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red in Blue PA

This only happened because Microsoft owns a part of Apple.

It IS Microsofts’ fault.


6 posted on 02/21/2014 6:22:38 PM PST by Balding_Eagle (Over production, one of the top 5 worries for the American Farmer every year.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Ping.


7 posted on 02/21/2014 6:55:13 PM PST by conservatism_IS_compassion ("Liberalism” is a conspiracy against the public by wire-service journalism.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: a fool in paradise
Electric pacifier PING!


8 posted on 02/21/2014 6:57:22 PM PST by Revolting cat! (Bad things are wrong! Ice cream is delicious! We reserve the right to serve refuse to anyone!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Revolting cat!
Security flaw? Someone might know the user is right at that minute eating a glazed bacon donut with fair trade coffee at the Ritzy Co-op Vinyls Only Washeteria Hop.

Oh wait, that's what they use facebookstergram for.

9 posted on 02/21/2014 7:05:46 PM PST by a fool in paradise ("Health care is too important to be left to the government.")
[ Post Reply | Private Reply | To 8 | View Replies]

To: Red in Blue PA

I would assume that by “hackers” that would include the NSA.


10 posted on 02/21/2014 7:12:21 PM PST by RetiredTexasVet (On a good day Slow Joe doesn't do anything incredibly stupid ... waiting for that first good day!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red in Blue PA; Swordmaker

Can’t be true. Swordmaker said only Microsoft has weak stuff like this.


11 posted on 02/21/2014 7:12:40 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red in Blue PA; Swordmaker

Hey swordmaker I saw on the news where they said this is also impacting OSX (Mac books) and that there is no fix yet for it.

Please tell me this can’t be true. Hell Microsoft hasn’t had a screw up this bad in over a decade.


12 posted on 02/22/2014 10:26:56 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

bump


13 posted on 02/23/2014 5:53:56 AM PST by dangerdoc (I don't think you should be forced to make the same decision I did even if I know I'm right.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: for-q-clinton
Can’t be true. Swordmaker said only Microsoft has weak stuff like this.

Please cease and desist lying about what I have said.

14 posted on 02/23/2014 9:16:06 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Red in Blue PA; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; ...
make certain you update you iOS devices immediately. There is an important security update to close an encryption hole that could expose you to malicious hackers seeking your data. —PING!


Apple iOS Ping!

If you want on or off the Mac Ping List, Freepmail me.

15 posted on 02/23/2014 9:19:57 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

From what I know, it is only iOS.


16 posted on 02/23/2014 9:20:59 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Swordmaker

Nope there is an issue with OSX.


17 posted on 02/23/2014 9:45:15 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 16 | View Replies]

To: for-q-clinton

From what I’ve found OSX users should use chrome or Firefox if you must use an untrusted public network, otherwise you’re OK IF YOURE ON YOUR OWN SECURE HOME NETWORK.


18 posted on 02/23/2014 9:50:05 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 12 | View Replies]

To: ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; altair; ...
if you are using an unknown network with OSX use Chrome or Firefox until Apple issues an update. Update iOS devices now! —PING!


Apple Ping!

If you want on or off the Mac Ping List, Freepmail me.

19 posted on 02/23/2014 9:56:14 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Swordmaker
I've switched to Firefox, but I'm having a problem: whenever I click on a link, it doesn't automatically switch to the tab I want to view. And the worst part is that it creates the tab so quick that I don't realize any response is occurring, and I repeat the click! It really seems dramatically faster than Safari!

It also defaults to a much larger font than Safari does. Interesting.

20 posted on 02/23/2014 11:25:26 PM PST by conservatism_IS_compassion ("Liberalism” is a conspiracy against the public by wire-service journalism.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: conservatism_IS_compassion; Swordmaker
> whenever I click on a link, it doesn't automatically switch to the tab I want to view

There's a setting for that:

Firefox Menu -> Preferences -> Tabs -> check: "When I open a link in a new tab, switch to it immediately"

21 posted on 02/24/2014 12:44:06 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: for-q-clinton; Swordmaker
> Can’t be true. Swordmaker said only Microsoft has weak stuff like this.

Geez, for-q. Please stop being such an ass and misquoting Swordmaker. He never has said any such thing.

> Hell Microsoft hasn’t had a screw up this bad in over a decade.

You been asleep for a decade? That's not even a good joke, it's just false.

Hate to say it, for-q, but your slurs have become really, really boring and your inaccurate comments sound stupider with every retort. Since you're probably not actually stupid, why not try sounding more intelligent, and discuss the problem that way? It's easy:

- Apple screwed the pooch on some SSL cert checking code, opening up a vulnerability.

- They were able to roll out a fix for iOS devices very rapidly, and did so.

- The fix for OS-X (I assume actually for Safari) will take a little longer, perhaps because of the greater testing required in the much wider environment of OS-X (iOS is a fairly tightly controlled embedded environment).

You don't want to compare that error and response to numerous MS security screwups of the last decade, or MS's typical response time, trust me. Everybody screws up from time to time, and this one, while potentially serious, is nothing like the worst of the bunch.

Seriously, for-q. Get a grip. You're embarrassing yourself. Have a great evening.

22 posted on 02/24/2014 1:02:08 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Red in Blue PA
Apple says security flaw could allow hackers to beat iPhone encryption

Bet you one dollar that 'flaw' was designed and provided by the NSA, and Apple dutifully installed it.

23 posted on 02/24/2014 1:02:25 AM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: RetiredTexasVet

Bingo.


24 posted on 02/24/2014 1:02:48 AM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Red in Blue PA; Swordmaker
> I thought I heard from Apple drones that this stuff cannot happen on Apple products.

You thought and heard wrong. Only the Apple haters say that bogus crap. Apple fans are often over-amped but they're generally not delusional, and they know that everybody makes mistakes, including Apple.

It cracks me up no end, that the folks who spend the most time spreading the story that Apple products are flawless are the very ones who hate Apple. You'd think they'd have learned by now, but apparently not. You're increasing Apple's profit margin every time you spout that silliness. (Not that I care, I don't own stock in any of these damn tech companies.)

25 posted on 02/24/2014 1:11:59 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lazamataz
> Bet you one dollar that 'flaw' was designed and provided by the NSA, and Apple dutifully installed it.

I doubt it. I saw an article with what claimed to be the flawed code, and it was way too obvious -- looked to me like a copy/paste error with a conditional line repeated, resulting in a few lines of code that would never be executed.

What's really embarrassing for Apple is that even the simplest of static analysis code checks should have pointed that right out. And that means either a) what I saw wasn't the real error, or b) Apple doesn't use static code analysis. The latter is a mistake of significant magnitude.

26 posted on 02/24/2014 1:16:18 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: dayglored

Thanks.


27 posted on 02/24/2014 2:45:27 AM PST by conservatism_IS_compassion ("Liberalism” is a conspiracy against the public by wire-service journalism.)
[ Post Reply | Private Reply | To 21 | View Replies]

To: for-q-clinton
"Please tell me this can’t be true. Hell Microsoft hasn’t had a screw up this bad in over a decade."

Microsoft has its share, but the worst one right now is Adobe Flash, a far worse vulnerability than this. Take a look at the top three on this page (from 2/21):

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
That's a very serious problem affecting Windows, MacOS and Linux - allowing a root kit to be installed without you doing anything, and without any visible sign. I strongly suggest installing ClickToFlash or something similar at least.

This Apple flaw is only a problem if you're on a public, unsecured network. If you're on a secure hotspot, or connected to a wired network (as I am at the moment), there's no vulnerability. At any rate, I'm sure Apple will roll out a MacOS fix quickly - it should be an easy one at least.

28 posted on 02/24/2014 5:28:21 AM PST by PreciousLiberty
[ Post Reply | Private Reply | To 12 | View Replies]

To: PreciousLiberty

Does using a VPN in a public place help mitigate this?


29 posted on 02/24/2014 6:12:46 AM PST by aMorePerfectUnion
[ Post Reply | Private Reply | To 28 | View Replies]

To: Swordmaker

In the meantime...

http://osxdaily.com/2014/02/22/protect-mac-ssl-tls-security-bug/


30 posted on 02/24/2014 7:42:45 AM PST by aMorePerfectUnion
[ Post Reply | Private Reply | To 19 | View Replies]

To: dayglored

Actually, you are wrong.

I know of several Apple fanboys who claim Apple products are not vulnerable to viruses yada yada yada. Over the years, I have known many of them, and they were all Apple fans, contrary to your claims.


31 posted on 02/24/2014 5:42:15 PM PST by Red in Blue PA (When Injustice becomes Law, Resistance Becomes Duty.-Thomas Jefferson)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Red in Blue PA
> Actually, you are wrong. I know of several Apple fanboys who claim Apple products are not vulnerable to viruses yada yada yada. Over the years, I have known many of them, and they were all Apple fans, contrary to your claims.

Well, we have to be careful about our terms.

There are lots of malware types that are erroneously called viruses -- Trojans, email scams, phishing scams, keyloggers, etc. etc.

A true virus is self-sustaining, self-replicating malware that attacks the OS, inserts itself somewhere, does stuff, and then spreads itself without human help. That's what a computer virus is.

There are no "true viruses" in the wild for OS-X. There are a few laboratory curiosities, and there have been claims, but they always turn out to be something else that needs a human to download or install or replicate.

There certainly are a good number of human-vectored non-virus malwares that attack folks using OS-X. Call them something else, but they're not really viruses. It's a specific technical term, when used correctly. Do you call your car's engine a "wheel"? Okay, so don't call other types of malware a "virus".

Let's agree on this -- Apple fanboys got way too cocky years ago and some of that crap talk hasn't died out, so there probably are some die-hards who spout nonsense. There are some of those in every camp, why not in Apple's camp too.

But although they would be full of shit if they were saying Apple products are not vulnerable to malware -- that's clearly false -- they would be ALMOST correct if they are being specific about true viruses, because no one has built a successful one yet.

Why "almost"? Because it's always possible somebody will. So to claim invulnerability into the future is silly, and they shouldn't do it.

32 posted on 02/24/2014 6:01:29 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Swordmaker
Hi Swordmaker,

You can tell folks that OS-X Mavericks 10.9.2 is released for update, containing the fix.

Earlier releases of OS-X (Mountain Lion 10.8 and earlier) were not affected by the flaw and do not require update.

Looks like this tempest is over. The techblog headline writers who jizz in their pants while writing "Apple" and "Security Flaw" in the same line can now go back to writing about Windows XP's imminent death, waiting for the next batch of Windows Updates, or whatever they do in normal life.

33 posted on 02/25/2014 1:39:15 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: dayglored; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; ..
ok. Apple has released the patch for OSX Mavericks that fixes the security problem. This hit ONLY Mavericks users... no other OSX users. So, Mavericks users, hit the Black Apple menu and software update...—PING!


Apple Security update for Mavericks Users Ping!

Please, No Flame Wars!
Discuss technical issues, software, and hardware.
Don't attack people!
Don't respond to the Anti-Apple Thread Trolls!
PLEASE IGNORE THEM!!!

If you want on or off the Mac Ping List, Freepmail me.

34 posted on 02/25/2014 1:59:40 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 33 | View Replies]

To: dayglored; for-q-clinton; Swordmaker
> Hell Microsoft hasn’t had a screw up this bad in over a decade.

You been asleep for a decade? That's not even a good joke, it's just false.


Complete Microsoft EMET Bypass Developed

I figure that's in the same league, and conviniently enough, appears to have been announced yesterday.

 

35 posted on 02/25/2014 3:12:21 PM PST by zeugma (Is it evil of me to teach my bird to say "here kitty, kitty"?)
[ Post Reply | Private Reply | To 22 | View Replies]

To: dayglored

Rapidly...this big is over 1 year old!!!! Lmao.


36 posted on 02/25/2014 3:47:17 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 22 | View Replies]

To: dayglored

Nope applebots have repeatedly told that lie for over 10 years.


37 posted on 02/25/2014 3:48:33 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 25 | View Replies]

To: dayglored

By that definition when was the last virus on a supported windows platform? Oh there are none!


38 posted on 02/25/2014 3:50:40 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 32 | View Replies]

To: zeugma

I must be missing the point what’s the vulnerability in the OS that’s similar to ios and OSX bug?


39 posted on 02/25/2014 3:52:44 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 35 | View Replies]

To: Swordmaker

Thanks Swordmaker.


40 posted on 02/25/2014 4:17:04 PM PST by SunkenCiv (http://www.freerepublic.com/~mestamachine/)
[ Post Reply | Private Reply | To 34 | View Replies]

To: for-q-clinton

> By that definition when was the last virus on a supported windows platform? Oh there are none!

Really now, for-q.

Windows is damn solid these days, but until Vista/7 such viruses were a regular feature of the landscape. If you read my pro-Windows posts on many other threads you’ll see I’ve been saying good things about Windows security for a long while.

But let’s not forget that XP is still on hundreds of millions of computers in use every day! When we talk about “Windows” those XP machines still count big time. And they’re not all patched, ya know.


41 posted on 02/25/2014 5:49:25 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 38 | View Replies]

To: Swordmaker

Thanks for the info. Couldn’t find anything for mine, big screen mac, OS X 10.5.8.


42 posted on 02/25/2014 6:37:35 PM PST by Aliska
[ Post Reply | Private Reply | To 34 | View Replies]

To: dayglored

I know its amazing an OS that is 10 years old is still being widely used...that’s impressive!


43 posted on 02/25/2014 7:00:52 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 41 | View Replies]

To: for-q-clinton

not similar in method, but similar in scope. It shows demonstrates a security tool used for more or less sandboxing apps on microsoft systems has been completely compromised.


44 posted on 02/25/2014 7:46:06 PM PST by zeugma (Is it evil of me to teach my bird to say "here kitty, kitty"?)
[ Post Reply | Private Reply | To 39 | View Replies]

To: Aliska
Thanks for the info. Couldn’t find anything for mine, big screen mac, OS X 10.5.8.

You were never at risk, nor was any OSX user not on OSX Mavericks.

45 posted on 02/25/2014 7:48:00 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 42 | View Replies]

To: Red in Blue PA
I know of several Apple fanboys who claim Apple products are not vulnerable to viruses yada yada yada. Over the years, I have known many of them, and they were all Apple fans, contrary to your claims.

A Mac, like any computer that is permitted to install software, is vulnerable to user installed Trojans. But, Red in Blue PA, there are no successful self installing, self transmitting, self replicating OSX viruses, worm, or other malware that meets the definition of a computer virus. There have been various candidates put forward over the past sixteen years that claimed to be the "first OSX Mac virus" but none ever proved viable. They all failed for the same reason: lack of a viable vector. Most of the candidates failed because they required user involvement at some point in the process of replication, transmit ion, or installation, and were at best were mere Trojans Horse applications.

Currently there are approximately 50 known Trojan Horse applications that can affect OSX in seven distinct families in the wild, all of which OSX itself, without the assistance of any anti-virus software, will identify and warn the user if he attempts to download, install, or download any one or a variation of them. Apple is very quick in pushing out updates to the definition file when a new variant is found.

As it stands, Macs running OSX have never been infected by a virus. . . under the accepted and technical definition of a computer virus. It may happen someday, but we are still waiting for that day.

46 posted on 02/25/2014 8:05:17 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 31 | View Replies]

To: zeugma

So an outside attacker can get your data or control your machine without user interaction? Or does the user have to install their app first? Also does this impact windows phone sandbox apps?


47 posted on 02/25/2014 8:10:54 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 44 | View Replies]

To: for-q-clinton

IF you want more details. I suggest you read the paper linked. That’s why I posted it here, so interested parties might locate information of interest. From the summaries, it looks like it means that their sandboxing is broken. I don’t run windows, so I don’t particularly care about the details.


48 posted on 02/25/2014 8:49:27 PM PST by zeugma (Is it evil of me to teach my bird to say "here kitty, kitty"?)
[ Post Reply | Private Reply | To 47 | View Replies]

To: zeugma
Love your tagline!

I had a friend who had his pets trained so that when he called, "Here, kitty, kitty!" -- the dogs came a-running. And, when he whistled, and called, "Here, pup!" -- here came the cats.

The animals couldn't care less -- as long as dinner was there for them.

But -- it sure messed with people's heads!! LOL!

49 posted on 02/25/2014 8:56:43 PM PST by TXnMA ("Allah": Satan's current alias... "Barack": Allah's current ally...)
[ Post Reply | Private Reply | To 35 | View Replies]

To: Swordmaker

Thanks, Swordmaker


50 posted on 02/26/2014 3:20:18 PM PST by Aliska
[ Post Reply | Private Reply | To 45 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-52 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson