Newsletters
Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home CRM Systems Customer Service Contact Centers Business Intelligence More Topics...
Network Security
Tame your scariest paperwork. Find Out How
Average Rating:
Rate this article:  
Apple Pushes iOS Update To Fix Epic Security Blunder
Apple Pushes iOS Update To Fix Epic Security Blunder

By Seth Fitzgerald
February 24, 2014 1:41PM

Bookmark and Share
Some members of the security community are chalking up the bug in Apple's iOS and Mac OS X to an unintentional mistake on Apple’s part, but others question why such a large company could have made a simple error. This sort of subtle bug deep in the iOS and Mac OS X code is a nightmare, but I believe it's just a mistake, said a security expert.
 



Hacks and bugs are almost unavoidable with any piece of software but a recent vulnerability found in Apple’s iOS has many experts surprised and worried. The tech giant spent the weekend trying to come out with fixes for a vulnerability that was first noticed by researchers in iOS and then later, Mac OS X as well.

The vulnerability is reportedly caused by a simple change in the iOS code that allows hackers to intercept and compromise sensitive banking information as well as other forms of communication like e-mail. One of the most concerning aspects of the so-called Gotofail bug is that it has been present in iOS for a significant period of time, leaving people with older iOS 6 devices at risk.

A Major Bug

Even though all of the details regarding the Gotofail bug have not been released to the public, researchers and experts who have found the issue for themselves are saying that it is a worst-case scenario.

“Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” according to a statement from Apple. This means that if a hacker is near a target device, he can use the vulnerability found in iOS and Mac OS X devices to steal information or alter communications to spread malware.

The bug, which affects the “goto” call command, simply allows a hacker to circumvent the SSL security system present in Apple’s software. Not only is this a simple hack, it is a flaw that is not unheard of when using “goto” commands. Normally the use of a simple piece of code like this would be fine, but somehow, a person was able to alter Apple’s code directly.

Any malicious piece of code that targets SSL security can leave a device completely open to a variety of different hacks. Since this is what happened with iOS and Mac OS X devices, users have been open to attacks for quite some time.

NSA Speculation

Some members of the security community are chalking up the bug to an unintentional mistake on Apple’s part but others question why such a large company could have made a simple error.

“This sort of subtle bug deep in the code is a nightmare,” security expert Adam Langley said in a blog post. “I believe that it's just a mistake, and I feel very bad for whomever might have slipped in an editor and created it.”

Researchers who have looked at the Gotofail bug have noted that it was first present in a version of iOS 6 around the same time as the Snowden NSA revelations began to come out. The initial Snowden reports suggested that the NSA had backdoors into products from technology companies, including Apple. This observation has fueled speculation that either Apple or the NSA was directly responsible for the lack of security.
 

Tell Us What You Think
Comment:

Name:





 Network Security
1.   Tor Working To Fix Security Exploit
2.   Wall Street Journal Hacked Again
3.   Dropbox for Business Boosts Security
4.   Hackers Breached StubHub Accounts
5.   Banks Hit by Android-Skirting Malware


advertisement
Tor Working To Fix Security Exploit
Bug reportedly reveals ID of users
Average Rating:
New Technology Defeats Privacy Efforts
Study identifies 3 browser techniques.
Average Rating:
Banks Hit by Android-Skirting Malware
34 institutions, four European countries
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 

Enterprise Hardware Spotlight
Watson Gets His First Customer Service Gig
Since appearing on Jeopardy, IBM's Watson supercomputer has been making a living using his super-intelligent knowledge base for business verticals. Now, Watson's been hired for his first customer service job.
 
Tablet Giants Apple and Samsung Feel the Heat
When a company saturates its home market with a once-hot product, expect it to pump up efforts elsewhere. Apple, for its part, is now pushing iPads to big corporations and the enterprise market.
 
Microsoft Makes Design Central to Its Future
Over the last four years, Microsoft has doubled the number of designers it employs, putting a priority on fashioning devices that work around people's lives -- and that are attractive and cool.
 

Mobile Technology Spotlight
Tablet Giants Apple and Samsung Feel the Heat
When a company saturates its home market with a once-hot product, expect it to pump up efforts elsewhere. Apple, for its part, is now pushing iPads to big corporations and the enterprise market.
 
Is the Amazon Fire Phone a Winner?
A late entry into a packed category of smartphones, Amazon's Fire phone offers a variety of unique features. Now, the reviewers are assessing if they're enough to make the phone stand out.
 
Review: Amazon Fire Offers New Ways To Use Phones
The Fire phone uses Android, but Amazon has modified it to the point that it's barely recognizable. That means the phone offers new ways to navigate, discover and, of course, shop.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Contact Centers | Business Intelligence | Sales & Marketing | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.