BugFight Mac OS
It all started with an error in code, just like so many other vulnerabilities. The SSL/TLS vulnerability we are talking about is serious. The Verge has even gone so far to say that this flaw has existed since 18 months and it might be used by the NSA to gain access to Apple devices.
Mac OS X Leopard (version 10.5) is the sixth major release of macOS, Apple's desktop and server operating system for Macintosh computers. Leopard was released on October 26, 2007 as the successor of Mac OS X 10.4 Tiger, and is available in two editions: a desktop version suitable for personal computers, and a server version, Mac OS X Server.It retailed for $129 for the desktop version and $499. Support Communities / Mac OS & System Software / macOS Mojave Looks like no one’s replied in a while. To start the conversation again, simply ask a new question. User profile for user: migueldlt10 migueldlt10 User level: Level 1 (10 points) macOS. Mac users should update immediately. Justin Sullivan/Getty One reason why Apple scrambled to fix the issue in about 24 hours is because the bug really does expose users to basically anything.
This is how Apple describes it:
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.
In layman’s terms it means that the data sent and received with Safari, Apple apps and any third party app that uses Apple’s own SSL system on iOS and Mac is not encrypted and secure.
What Exactly Went Wrong?
SSL (Secure Sockets Layer) and TSL (Transport Layer Security) are a set of technologies that establish a secure and encrypted connection between your computer and the server. The error in code made the signature verification part of this process to fail.
Which means that the system can check if the security certificate is secure or not but it cannot check who signed the certificate. And that means a forged signature request can go through the system without any problems.
The SSL bug makes it easy for hackers to gain access to sensitive information like usernames, passwords, and credit card info when using apps that use Apple’s SSL system for encryption.
If you want a more technical explanation about this process check out the blog posts by Adam Langley and Ashkan Soltani.
Please Update
The bug affects iOS devices between iOS 6 to iOS 7.0.5, Apple TV and OS X Mavericks. Apple has pushed the following updates for its users.
Updates for iOS
iOS 7.0.6 update for iOS 7 users.
iOS 6.1.6 update for iOS 6 users.
iOS 6.0.2 update for Apple TV owners.
Update for Mac
OS X 10.9.2 update for Mavericks.
If you are not up-to-date on any of these version, you need to hit that update button fast. What if my device is jailbroken you ask? We have a solution for you as well.
Solution For Jailbreakers
If your iPhone or iPad is jailbroken, you are in luck. You don’t need to update iOS to patch this vulnerability. Installing a tweak by Ryan Petrich from Cydia will do the trick. Here’s how you can do that.
Step 1: Go into Manage, tap Edit and then Add.
Step 2: In the text field add this URL – http://rpetri.ch/repo and tap Add Source
Step 3: You are now subscribed to Ryan’s repo. Go back to Cydia, click Search and search for SSLPatch.
Step 4: Now click Install and then choose Confirm. The patch will be installed. Click on Reboot Device when prompted.
To make sure the tweak was installed and works properly, go to gotofail.com and it should say “Safe”.
And as always, stay safe.
Bugfight Mac Os 7
Top image credit: Martin Abegglen
The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.
Read Next
8 Best eBook Readers for iPhones
Want to read or continue reading
We design Mac hardware and software with advanced technologies that work together to run apps more securely, protect your data, and help keep you safe on the web. And with macOS Big Sur available as a free upgrade, it’s easy to get the most secure version of macOS for your Mac.*
Apple M1 chip.
A shared architecture for security.
The Apple M1 chip with built-in Secure Enclave brings the same powerful security capabilities of iPhone to Mac — protecting your login password, automatically encrypting your data, and powering file-level encryption so you stay safe. And the Apple M1 chip keeps macOS secure while it’s running, just as iOS has protected iPhone for years.
Apple helps you keep your Mac secure with software updates.
The best way to keep your Mac secure is to run the latest software. When new updates are available, macOS sends you a notification — or you can opt in to have updates installed automatically when your Mac is not in use. macOS checks for new updates every day and starts applying them in the background, so it’s easier and faster than ever to always have the latest and safest version.
Protection starts at the core.
Bugfight Mac Os Catalina
The technically sophisticated runtime protections in macOS work at the very core of your Mac to keep your system safe from malware. This starts with state-of-the-art antivirus software built in to block and remove malware. Technologies like XD (execute disable), ASLR (address space layout randomization), and SIP (system integrity protection) make it difficult for malware to do harm, and they ensure that processes with root permission cannot change critical system files.
Download apps safely from the Mac App Store. And the internet.
Now apps from both the App Store and the internet can be installed worry-free. App Review makes sure each app in the App Store is reviewed before it’s accepted. Gatekeeper on your Mac ensures that all apps from the internet have already been checked by Apple for known malicious code — before you run them the first time. If there’s ever a problem with an app, Apple can quickly stop new installations and even block the app from launching again.
Stay in control of what data apps can access.
Apps need your permission to access files in your Documents, Downloads, and Desktop folders as well as in iCloud Drive and external volumes. And you’ll be prompted before any app can access the camera or mic, capture keyboard activity, or take a photo or video of your screen.
FileVault 2 encrypts your data.
With FileVault 2, your data is safe and secure — even if your Mac falls into the wrong hands. FileVault 2 encrypts the entire drive on your Mac, protecting your data with XTS-AES 128 encryption. Mac computers built on the Apple M1 chip take data protection even further by using dedicated hardware to protect your login password and enabling file-level encryption, which developers can take advantage of — just as on iPhone.
Designed to protect your privacy.
Bugfight Mac Os Download
Online privacy isn’t just something you should hope for — it’s something you should expect. That’s why Safari comes with powerful privacy protection technology built in, including Intelligent Tracking Prevention that identifies trackers and helps prevent them from profiling or following you across the web. A new weekly Privacy Report on your start page shows how Safari protects you as you browse over time. Or click the Privacy Report button in your Safari toolbar for an instant snapshot of the cross-site trackers Safari is actively preventing on that web page.
Automatic protections from intruders.
Safari uses iCloud Keychain to securely store your passwords across all your devices. If it ever detects a security concern, Password Monitoring will alert you. Safari also prevents suspicious websites from loading and warns you if they’re detected. And because it runs web pages in separate processes, any harmful code is confined to a single browser tab and can’t crash the whole browser or access your data.
Find your missing Mac with Find My.
The Find My app can help you locate a missing Mac — even if it’s offline or sleeping — by sending out Bluetooth signals that can be detected by nearby Apple devices. These devices then relay the detected location of your Mac to iCloud so you can locate it. It’s all anonymous and encrypted end-to-end so no one — including Apple — knows the identity of any reporting device or the location of your Mac. And it all happens silently using tiny bits of data that piggyback on existing network traffic. So there’s no need to worry about your battery life, your data usage, or your privacy being compromised.
Bugfight Mac Os X
Keep your Mac safe.
Even if it’s in the wrong hands.
All Mac systems built on the Apple M1 chip or with the Apple T2 Security Chip support Activation Lock, just like your iPhone or iPad. So if your Mac is ever misplaced or lost, the only person who can erase and reactivate it is you.