Critical Patches for both Apple & Microsoft
Critical SSL/TLS Security Flaw Revealed for Apple Devices
Apple released an update to the IPhone and IPad operating system on Friday, February 24, 2014 to address a critical security flaw.
The new iOS version, 7.0.6, fixes a bug that allows an intruder to get “in the middle” of what appears to be a secure SSL/TLS session. Secure SSL/TLS sessions are the type used, among other things, for online shopping and online banking. Our advice: upgrade your iOS device immediately.
The bug also exists in the OS X operating system, and that has not yet been corrected. Apple indicates a fix should be coming “soon” (see Reuters article here).
This leaves Mac users still vulnerable until Apple provides the patch. Our advice to Mac users: don’t use Safari for any SSL/TLS sessions; use Chrome instead.
Important Patch for Internet Explorer 9 and 10
Microsoft has released a patch for IE 9 and 10 users that limits a ‘remote code execution’ vulnerability. (Users of IE 8 and 11 are not impacted). If you are not on automatic patching, see this Microsoft Security Advisory for details on the impacted software and the Fix It solution available to immediately apply the patch.
If you have any questions about the impact of these vulnerabilities, please give me a call.
Leave a Reply