• Home
  • Apple News
  • Jailbreak News
  • Android News
  • Wallpapers
  • Deals

iJailbreak | Jailbreak And iOS News

iJailbreak is an online resource for jailbreak and unlock iPhone, iPad, iPod Touch, Apple TV and iOS news.

  • How To Jailbreak
    • Cydia Installer: Everything You Need To Know
    • What Is Jailbreaking? Why Should I Jailbreak?
    • Untethered vs Tethered vs SemiTethered Jailbreak
  • Jailbreak Software Tools
    • PP Jailbreak
    • TaiG
    • Pangu
    • Evasi0n (Evasi0n7)
    • Absinthe
    • JailbreakMe.com
    • RedSn0w
    • GreenPois0n
    • Sn0wBreeze
    • PwnageTool
    • LimeRa1n
    • Spirit
    • BlackRa1n
    • Seas0nPass
    • Developers
  • How To Unlock
  • How To Downgrade
    • How To Save SHSH Blobs
    • TinyUmbrella
    • iFaith
    • F0recast
  • Cydia Tweaks
    • Top / Best Cydia Tweaks
    • Best Cydia Sources
    • Siri Cydia Tweaks, Hacks, Mods
    • Spire Proxy Host List
  • How To Root
    • Top / Best Custom ROMs
  • Downloads

Gotofail SSL Bug Also Affects Mac Apps Like Mail, Messages And FaceTime

February 24, 2014 by Jaden Easton-Ellett Leave a Comment

Yesterday we told you about the worrisome SSL bug that affected both iOS and Mac. Of course Apple has already patched the bug, nicknamed Gotofail, on iOS but on the Mac the bug is still prevalent when using Safari. At first it was thought this bug only applied when users were browsing the net through Safari, but now it has been discovered the situation is much worse.

Private security researcher, Ashkan Soltani has found that the bug also affects other Mac applications such as Mail, FaceTime, Messages, Calendar etc., and not just Apple’s Safari browser. According to Forbes:

On Sunday, privacy researcher Ashkan Soltani posted a list of  OSX applications on Twitter that he says he’s determined use Apple’s “secure transport” framework, the coding library that developers depend on to build programs that securely communicate online using the common encryption protocols TLS and SSL. The full list, which isn’t comprehensive given that Soltani only analyzed the programs on his own PC [..]

[..] The bug affects how Apple devices authenticate their secure connection with servers, allowing an eavedropper to fake that verification and hijack or corrupt traffic using what’s known as a “man-in-the-middle” attack. ”All these apps would be vulnerable to the same man-in-the-middle vulnerability outlined on Friday,” Soltani says.

It is worth noting that there is an extra layer of security in place for these applications, which may reduce the effects of the security vulnerability, but certain parts of the protocol  like the initial handshake that rely on TLS could still be vulnerable to man-in-the-middle attacks. Furthermore, Apple’s update mechanism could also be vulnerable to spoofing.

screenshot-gotofail

Red underlines show the vulnerable applications.

The vulnerability is a result of a silly error which some have even said was intentionally introduced by Apple, to give the NSA a way to tap into the data going through secure networks. So just what was this error? Well it emerged from the portion of the code that verified the authenticity of the server was never reached. Essentially someone on the same Wi-Fi network as you could intercept data and alter it / steal your sensitive information.

Right now your only protection from this vulnerability is to only connect to networks you trust, not public networks.

Leave a Reply

Your email address will not be published. Required fields are marked *

Read Our Most Recent Articles

Untethered iOS 12 Jailbreak Demoed by Ali Security
Untethered iOS 12 Jailbreak Demoed by Ali Security
iOS 12 Now Available for Download: Compatible Devices
iOS 12 Now Available for Download: Compatible Devices
iPhone X Discontinued, iPhone 8 and iPhone 7 Prices Slashed
iPhone X Discontinued, iPhone 8 and iPhone 7 Prices Slashed
Apple iPhone Xs, iPhone Xs Max, and iPhone Xr Announced
Apple iPhone Xs, iPhone Xs Max, and iPhone Xr Announced
Apple Watch Series 4 Announced With Larger Display, Louder Speaker, and More
Apple Watch Series 4 Announced With Larger Display, Louder Speaker, and More

Follow Our How To Guides

How To: Upgrade To iOS 6 Beta 1 Without A Developer UDID On iPhone, iPod Touch, iPad
How To: Upgrade To iOS 6 Beta 1 Without A Developer UDID On iPhone, iPod Touch, iPad
How To: Jailbreak iPhone, iPod Touch Or iPad With Broken Buttons Using RedSn0w 0.9.14b2 [Mac OS X]
How To: Jailbreak iPhone, iPod Touch Or iPad With Broken Buttons Using RedSn0w 0.9.14b2 [Mac OS X]
How To Use WhatsApp On iPad Or iPod Touch Running iOS 8.4
How To Use WhatsApp On iPad Or iPod Touch Running iOS 8.4
How To: Easily Backup Your Unlocked iPhone's (SAM) Activation Ticket With RedSn0w 0.9.10b8
How To: Easily Backup Your Unlocked iPhone's (SAM) Activation Ticket With RedSn0w 0.9.10b8
Learn How To Create A Complete WinterBoard Theme From Scratch For Cydia [Part One]
Learn How To Create A Complete WinterBoard Theme From Scratch For Cydia [Part One]
About | Contact | Advertise | RSS Feed | Sitemap | TOS | Privacy Policy

© Copyright 2010 - 2021 iJailbreak. All Rights Reserved.