Friday, July 29, 2011

Critical to Download Apple's iOS Security Patch


Apple's mobile operating system has been in the news recently over a security issue. At first it didn't seem like a huge deal, but according to Chester Wisniewski, a senior security advisor at Sophos, it is far more important than first believed that iPhone, iPad and iPod Touch users download Apple's recent security patch for iOS.

"It is clearly critical that all users update as soon as possible, unless they only use their device for telephone calls," Wisniewski wrote Wednesday, July 27 on Sophos' NakedSecurity blog. He wrote that the Apple operating system is vulnerable to an updated version of a tool called sslsniff. It "allows users to easily perform man-in-the-middle attacks against SSL/TLS connections," he said.

He said that the new version of sslsniff can "identify vulnerable Apple devices and allows anyone to snoop on secure communications."

"This patch should be applied immediately if you log in to any service on your device, especially things like your bank or PayPal," Wisniewski writes. "Users are particularly vulnerable to this attack if they frequently use public/open WiFi."

According to Wisniewski, iOS versions 4.3.4, 4.2.9, 5.0b and earlier are vulnerable. He also said that there is no fix for older devices, even those that are only a couple of generations old.

"If you are using an iPod Touch generation one or two or an iPhone older than the 3GS, you will be perpetually vulnerable," he writes. "Owners of these devices should not use them for any purpose for which security or privacy is required."

"Oddly the flaw in iOS was a widespread flaw in WebKit and Microsoft's CryptoAPI nine years ago," Wisniewski writes. "It allows any valid certificate purchased from a Certificate Authority to sign any other certificate, which the client device will then consider valid."

"This allows anyone who can capture traffic from your iPhone, iPad or iPod Touch with man-in-the-middle techniques to intercept and read any and all encrypted SSL traffic silently and without notification to the user."
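The validation gap Wisniewski describes, shown as an added example that is not from Sophos, Apple or the original post: a flawed validator that accepts any chain leading to a trusted CA, beside one that also requires every signing certificate to be a CA. The `Cert` class, function names and sample chains are constructed for illustration, `is_ca` models the X.509 basicConstraints CA flag (which the post does not name), and issuer/subject name matching stands in for real signature verification.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool  # models the X.509 basicConstraints CA flag

def chain_links(chain, trusted_roots):
    """True if each cert names the next as issuer and the last is issued by a trusted root.
    Assumption: issuer/subject name matching stands in for signature verification."""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1].issuer in trusted_roots

def validate_flawed(chain, trusted_roots):
    # Flawed behaviour: any cert that chains to a trusted CA may sign another cert.
    return chain_links(chain, trusted_roots)

def validate_strict(chain, trusted_roots):
    # Corrected behaviour: every cert that signs another one
    # (everything except the leaf, chain[0]) must be marked as a CA.
    return chain_links(chain, trusted_roots) and all(c.is_ca for c in chain[1:])

# Constructed sample data (hypothetical names)
ROOTS = {"Example Root CA"}
LEGIT_CHAIN = [
    Cert("www.bank.example", "Example Intermediate CA", is_ca=False),
    Cert("Example Intermediate CA", "Example Root CA", is_ca=True),
]
MISISSUED_CHAIN = [
    Cert("www.bank.example", "shop.example", is_ca=False),
    Cert("shop.example", "Example Root CA", is_ca=False),  # ordinary site cert, not a CA
]

if __name__ == "__main__":
    for name, chain in (("legit", LEGIT_CHAIN), ("misissued", MISISSUED_CHAIN)):
        print(name, "flawed:", validate_flawed(chain, ROOTS),
              "strict:", validate_strict(chain, ROOTS))
```

Both validators accept the legitimate chain; only the strict one rejects the chain signed by an ordinary site certificate.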

If you haven't fixed this issue yet, it is definitely something you need to take care of right away. You do not want to put your private information at risk.


