Link: Apple’s ‘Gotofail’ Security Mess Extends To Mail, Twitter, iMessage, Facetime And More – Forbes

Apple’s ‘Gotofail’ Security Mess Extends To Mail, Twitter, iMessage, Facetime And More – Forbes

First, Apple revealed a critical bug in its implementation of  encryption in iOS, requiring an emergency patch. Then researchers found the same bug is also included in Apple’s desktop OSX operating system, a gaping Web security hole that leaves users of Safari at risk of having their traffic hijacked. Now one researcher has found evidence that the bug extends beyond Apple’s browser to other applications including Mail, Twitter, Facetime, iMessage and even Apple’s software update mechanism. On Sunday, privacy researcher Ashkan Soltani posted a list of  OSX applications on Twitter that he says he’s determined use Apple’s “secure transport” framework, the coding library that developers depend on to build programs that securely communicate online using the common encryption protocols TLS and SSL. The full list, which isn’t comprehensive given that Soltani only analyzed the programs on his own PC, is shown below. (Soltani has underlined the vulnerable application names in red.)
This entry was posted in Delicious and tagged , , , , , , , , , , , . Bookmark the permalink.