TMCnet - World's Largest Communications and Technology Community



Voltage Security comment on latest iOS security flaw and patch
[February 24, 2014]

Voltage Security comment on latest iOS security flaw and patch

(M2 PressWIRE Via Acquire Media NewsEdge) Commenting on the latest iOS security flaw, which has now been patched, Mark Bower, VP at Voltage Security, answered the following: 1. What's the meaning of the flaw and what do users need to do now? "The flaw basically means a critical check on the validity of a server's SSL certificate is ignored when an app is establishing a secure connection. That might be your electronic banking application, your email, or a browser. This means that for quite some time, attackers with knowledge of this bug had the ability to mount man-in-the middle attacks to users operating Apple devices.

This could have allowed interception or modification of SSL communications which are supposed to be private and encrypted. The impact is to the many commonly use browsers, email clients, instant messaging clients, social network apps and so on.

The bug has been fixed in the latest iOS release, but the current Mac OS X also appears to have the flaw and until a patch is available, OS X based laptops, desktops and servers are vulnerable." 2. Should users download the patch? "They should patch immediately. This is a major bug that puts users' sensitive data like login credentials, passwords, email, and browsing data at risk. When Apple releases for OS X, users should patch at their earliest opportunity. Until then, users should be very wary of accessing web content that is sensitive, especially on a network that attackers may also be on at the same time - which is more often than you might think." 3. What else? "Even the best companies can make mistakes. In this case a major flaw persisted for a long time. Using solutions for data protection from leading experts in data security who use secure software development practices, security validation and independent tests can help avoid this kind of situation when selecting tools for enterprise data protection." Eskenzi PR +44 (0)207 183 2834 .


[ Back To's Homepage ]

Technology Marketing Corporation

35 Nutmeg Drive Suite 340, Trumbull, Connecticut 06611 USA
Ph: 800-243-6002, 203-852-6800
Fx: 203-866-3326

General comments:
Comments about this site:


© 2017 Technology Marketing Corporation. All rights reserved | Privacy Policy