What is SSL Security Bug in iOS and Mac And How To Patch It

It all started with an error in code, just like so many other vulnerabilities. The SSL/TLS vulnerability we are talking about is serious. The Verge has even gone so far as to say that this flaw has existed for 18 months and might be used by the NSA to gain access to Apple devices.


This is how Apple describes it:

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.

In layman’s terms, it means that the data sent and received with Safari, Apple apps and any third-party app that uses Apple’s own SSL system on iOS and Mac is not encrypted and secure.

What Exactly Went Wrong?

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are a set of technologies that establish a secure and encrypted connection between your computer and the server. The error in code caused the signature verification part of this process to fail.

This means that the system can check whether the security certificate is secure but cannot check who signed it. As a result, a forged signature request can go through the system without any problems.

The SSL bug makes it easy for hackers to gain access to sensitive information like usernames, passwords, and credit card info when using apps that use Apple’s SSL system for encryption.
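As an added illustration (not code from this post and not Apple's source), here is a simplified C model of the kind of error described above: a duplicated `goto fail;` line, the form this bug took, lets a function report success without ever running the signature check. The helper names and inputs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the real hash and signature steps (hypothetical). */
static int hash_update(const char *params) { return params ? 0 : -1; }
static int check_signature(const char *sig, const char *expected) {
    return strcmp(sig, expected) == 0 ? 0 : -1;
}

/* Buggy shape: 0 means "verified". The second goto is not guarded by the
 * if, so it always runs and skips check_signature() while err is still 0.
 * GCC's -Wmisleading-indentation and clang's -Wunreachable-code flag this. */
int verify_buggy(const char *params, const char *sig, const char *expected) {
    int err;
    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;                      /* duplicated line */
    if ((err = check_signature(sig, expected)) != 0)
        goto fail;
fail:
    return err;
}

/* Hardened shape: braces on every branch and a fail-closed result that is
 * set to success only after every check has passed. */
int verify_fixed(const char *params, const char *sig, const char *expected) {
    int result = -1;
    if (hash_update(params) != 0) {
        goto done;
    }
    if (check_signature(sig, expected) != 0) {
        goto done;
    }
    result = 0;
done:
    return result;
}

int main(void) {
    /* Constructed inputs: the presented signature does not match. */
    printf("buggy: %d\n", verify_buggy("params", "forged", "genuine"));
    printf("fixed: %d\n", verify_fixed("params", "forged", "genuine"));
    return 0;
}
```

The buggy function returns 0 for a mismatched signature, while the hardened one returns -1 and would still do so if a stray jump were introduced, because success is assigned only on the path where every check ran.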

Please Update

The bug affects iOS devices from iOS 6 to iOS 7.0.5, Apple TV and OS X Mavericks. Apple has pushed the following updates for its users.

Updates for iOS

iOS 7.0.6 update for iOS 7 users.

iOS 6.1.6 update for iOS 6 users.

iOS 6.0.2 update for Apple TV owners.

Update for Mac

OS X 10.9.2 update for Mavericks.

If you are not up-to-date on any of these versions, you need to hit that update button fast. What if my device is jailbroken, you ask? We have a solution for you as well.

Solution For Jailbreakers

If your iPhone or iPad is jailbroken, you are in luck. You don’t need to update iOS to patch this vulnerability. Installing a tweak by Ryan Petrich from Cydia will do the trick. Here’s how you can do that.

Step 1: Go into Manage, tap Edit and then Add.

Step 2: In the text field add this URL – http://rpetri.ch/repo and tap Add Source

Step 3: You are now subscribed to Ryan’s repo. Go back to Cydia, click Search and search for SSLPatch.

Step 4: Now click Install and then choose Confirm. The patch will be installed. Click on Reboot Device when prompted.

To make sure the tweak was installed and works properly, go to gotofail.com and it should say “Safe”.

And as always, stay safe.
