Monday, February 24, 2014

Apple SSL/TLS bug not yet fixed from my own iPad, at least

Sunday I discussed the code related to the Apple SSL/TLS bug (in secure socket layer).


  
A typical source explain the security implications is on iMore, by Nick Arnett, link here. The bug is related to an extra stray line of code which an attacker could execute to get a false connection to your data at a financial institution, if you were working through the iPhone, iPad, or a Mac OS.

Media reports Monday indicated that the bug was only “partially” fixed with a release today. 
  
I tried the “gotofail.com” site (given by iMore) on my iPad, and did get a warning from the iPad that it was vulnerable.
  .
The iPad did not prompt me to load a fix today.  The gotofail link did take me to another apple support link with more information, here.  
  
Curiously, if you to the “gotofail.com” as recommended by iMore in a windows environment with Webroot Secure Anywhere turned on, Webroot blocks it as potentially malicious!
There is a video which shows how to fix the bug without an upgrade. 

I don't know whether this works or not. 

Update: Feb 27

On Feb. 26, my iPad did indeed offer an update:

And then this:

No comments: