Apple Tuesday pushed out security fixes for iOS and OS X that address a number of security bugs and vulnerabilities. One of the bigger issues is dubbed "triple handshake.”
Apple describes it in its security bulletin that covers OS X 10.8 and later, iPhone 4 and later, iPad 2 and later, and iPod touch 5G and later.
An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.
- Taking stock of Apple's own OS X apps
- Continuity Activation Tool now for USB dongles
- The backstory on iOS 8's wallpaper
- Twelve South announces BookBook for iPhone 6/6+
- Apple's new touching The Song ad
- Video: Post-It Note App for iOS captures your notes
- iDevices looks to jumpstart Homekit adoption
- Initial Apple-IBM enterprise solutions announced
- OWC announces SSD upgrade for new Mac Pros
- Apple TV gets YouTube update
- iTunes features best of 2014
- Link: Gift Guide for Bourbon Drinkers
- iPad 2 ad Change
- Jimmy Iovine interview on selling Beats to Apple
- Elgato ships Thunderbolt 2 Dock
- Quora: Should Apple recall the iPhone 6 Plus?
- Link - iCloud security tips
- Other World Computing Holiday Specials
- Trans Intl Holiday Deals
- Pocket reveals interesting metrics on iPhone 6 vs 6 Plus
- Dropbox now integrated with Microsoft Office
- Having a Password Emergency Kit
- Corning announced Gorilla Glass 4
- Mythbusters explain Gorilla Glass
- Podcast: App Store Get vs Free, Pappy Van Winkle, CoD, Plus More!
Browse and search for more articles