![]() ![]() Users should install them as soon as possible. The iOS and OS X updates Apple issued Tuesday, which Ars wrote about earlier here, fix a variety of other serious security vulnerabilities, some of which also affect Mac OS X Lion. Apple has reportedly updated its Airport Base Stations to fix that critical flaw as well, according to Macworld. More recently, the Internet was severely threatened by another extremely critical vulnerability in HTTPS software-the so-called Heartbleed bug in the widely used OpenSSL cryptographic library. More information about triple-handshake weaknesses is available here. Still, it's a serious bug because those apps are typically used by businesses and government agencies, where security is especially sensitive. By contrast, the triple handshake bug may be considered less severe because it affects a smaller class of applications. It wasn't fixed in OS X until four days after the bug became widely known, a delay that prompted criticism from security professionals because it potentially gave attackers a window to exploit Mavericks machines. "To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection." Advertisementįurther Reading Extremely critical crypto flaw in iOS may also affect fully patched MacsThe patch comes three months after the disclosure of a separate serious HTTPS vulnerability dubbed "goto fail" that similarly threatened iOS and OS X Mavericks users. "In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other," Apple's warning explained. Such "man-in-the-middle" attackers could exploit the bug by abusing the "triple handshake" carried out when secure connections are established by applications that use client certificates to authenticate end users. The bug makes it possible to bypass HTTPS encryption protections that are designed to prevent eavesdropping and data tampering by attackers with the capability to monitor traffic sent by and received from vulnerable devices. The flaw resides in the secure transport mechanism of iOS version 7.1 and earlier for iPhones and iPads and the Mountain Lion 10.8.5 and Mavericks 10.9.2 versions of Mac OS X, according to advisories here and here. Readers are urged to install the updates immediately. Ms Adams will succeed Bruce Sewell who is retiring as Apple's general counsel and senior vice president of Legal and Global Security at the turn of the year.Apple has patched versions of its iOS and OS X operating systems to fix yet another extremely critical cryptography vulnerability that leaves some users open to surreptitious eavesdropping. Based on Apple's recent closing price each portion of her RSUs is worth almost $10 million and up to a potential total value of $19.4 million - depending on company performance. ![]() Taking Apple's performance compared to others in the S&P 500 over the next three years, the new legal head could see the second part of her award double - but if if Apple was to underperform she could get nothing. The second part of the award consists of up to 57,482 RSUs, a percentage of which will vest on Octobased on Apple's relative total shareholder return between Novemand September 26, 2020. The revelations came from a mandatory disclosure filed with the US Securities and Exchange Commission which shows that the first part of the award to the former general counsel at Honeywell consists of 57,482 RSUs that vest in quarterly instalments on the 13th of May 2018, November 2018, November 2019 and November 2020 - as long as she remains employed by Apple at the time. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |