Please, be careful out there, as all current OSX versions (10.6-10.9) seem to be affected by this bug:

Where do you get this from? 10.6 does not have this bug when I test it here, the double goto does not exist in the source for 10.8, and 10.7 use different code all together as does 10.6. This is also what Adam Langley seems to think:

(Update: it looks like the bug was introduced in 10.9 for OS X but existed in at least some versions of iOS 6. iOS 6.1.6 was released yesterday to fix it.)
 
Chrome and Firefox don't use SecureTest and are thus not vulnerable, but many other apps and services do use it so even though a particular browser is not affected, a system on the whole is. That's why it's best to check with Safari -- it's bigger than just a browser vulnerability.
Yeah, the OS X and iOS App Stores are also vulnerable.
 
If this was a vulnerability in Flash, Windows, or Android there would be no end to the bashing that would be going on. Yet since it is Apple, users seem to be more accepting and are defending the company. Interesting indeed.

:apple:

I understand where you're coming from, but, no.

The reason people would bash Adobe in the case of flash (and similarly Google/Microsoft) is they have had a LOT more security problems in the past and it all accumulates. After a few security problems, you'd think they would learn to go through it as closely as possible. But they don't.

Apple don't get as much ***** from people for this because this sort of thing is quite rare in their systems, and they make an effort to fix it without trying to divert attention away or cover it up.
And if you look, they have fixed many security issues without the need for people to find them and complain.

Essentially, people don't go crazy at Apple for this stuff because it's rare and they handle it really well.
 
I have an iPhone 4 with ios6 that is bugging me to upgrade to 7.06. I'd rather upgrade to the patched IOS 6 version. Is there any way to force this?
 
I have an iPhone 4 with ios6 that is bugging me to upgrade to 7.06. I'd rather upgrade to the patched IOS 6 version. Is there any way to force this?

There is no version of iOS 6 with this patch. You'll need to upgrade to iOS 7 to get this patch. :/
 
An hour or two?? It's not that complex a bug!



Governments used it to spy on people? You obviously didn't understand the bug too well after reading it for one or two hours! It would happen only on a local network, a network that you share with someone else.



I hate to break it to you, but the government is already spying on you heavily with pretty much every thing you do online.


Ha ha, go easy on me. I didn't program for a living so it took me some time to understand SSL, and then why this simple bug messed everything up.
 
Ooo, thanks for the code snippet (I'm an amateur programmer). That's a really lousy mistake. Also, what's with the "goto" statements? Everyone always told me never to use them, even XKCD.


There are actually good reasons to use goto-statements in many cases and it's actually closer to what the machine does behind the scenes.
Generally speaking, though, gotos can lead to unreadable code if overused.

This example shows a much more drastic problem: The shorthand if-statements without block-identifiers ({}). I'm sure this bug could've been prevented if they had ruled out this programming style in their coding guidelines.
 
I wonder if we'll see beta 6 for 7.1 today or tomorrow now, as beta 5 is still affected and vulnerable, which really screws developers over.
 
Interesting!! Guess me not using wifi other than my own secure home network is a good thing. I can't be bothered logging onto a wifi network everywhere I go. LTE all the way with wifi shut off, works for me. :D

The cellular network is vulnerable as well, but it's more complicated to do than setting up a "FREE WIFI" network in a public place. Google "rogue cell tower."

In the US, you're unlikely to encounter one of those but know that the NSA, who already spy on cell network traffic, now have an even easier way to see all of the contents of that traffic.
 
I thought iOS 6.1.6 was released on Friday?

I guess I needed to read more carefully:

"Apple has also released iOS 6.1.6 (build 10b500) for the iPhone 3GS and fourth-generation iPod touch."

Probably if you can upgrade to 7, you get 7.06, even if you are still on IOS 6. I guess this is a really good way for Apple to get more people on 7.
 
Please, be careful out there, as all current OSX versions (10.6-10.9) seem to be affected by this bug

Nope. Only 10.9 (Mavericks) is affected.

----------

Governments used it to spy on people? You obviously didn't understand the bug too well after reading it for one or two hours! It would happen only on a local network, a network that you share with someone else.

It could be exploited at any point on the network between you and the server you're connecting to.

You're right, however, that this probably isn't too interesting to NSA spooks. But it's very interesting to someone who might want to steal your email password, credit card numbers, online banking password, etc.
 
There are actually good reasons to use goto-statements in many cases and it's actually closer to what the machine does behind the scenes.
Generally speaking, though, gotos can lead to unreadable code if overused.

Yes, in this case the use of gotos is quite reasonable, considering it's C code with the absence of higher-level language features like SEH (for try/finally) or C++ destructors.

This example shows a much more drastic problem: The shorthand if-statements without block-identifiers ({}). I'm sure this bug could've been prevented if they had ruled out this programming style in their coding guidelines.

Or if they'd built with the compiler option to warn about dead code. I'm pretty sure Xcode's "Build and Analyze" does this.
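
The pattern discussed in the posts above (unbraced if-statements followed by a duplicated goto), as an added example that is not part of the original thread and is not Apple's source. The struct, `step()` and both function names are constructed for illustration.

```c
#include <stdio.h>

/* Constructed stand-in for the outcome of three verification steps. */
struct handshake { int hash_ok; int update_ok; int signature_ok; };

/* Each step returns 0 on success and non-zero on error. */
static int step(int ok) { return ok ? 0 : -1; }

/* Flawed style: unbraced ifs plus one duplicated line. */
int verify_flawed(const struct handshake *h)
{
    int err;

    if ((err = step(h->hash_ok)) != 0)
        goto fail;
    if ((err = step(h->update_ok)) != 0)
        goto fail;
        goto fail;   /* duplicate: not guarded by the if, always runs, err == 0 */
    if ((err = step(h->signature_ok)) != 0)   /* dead code, never evaluated */
        goto fail;

fail:
    return err;      /* reports success although the last check never ran */
}

/* Braced style: a duplicated goto would land inside the block and be harmless. */
int verify_braced(const struct handshake *h)
{
    int err;

    if ((err = step(h->hash_ok)) != 0) { goto fail; }
    if ((err = step(h->update_ok)) != 0) { goto fail; }
    if ((err = step(h->signature_ok)) != 0) { goto fail; }

fail:
    return err;
}

int main(void)
{
    /* Constructed input: first two steps pass, the signature check would fail. */
    struct handshake forged = { 1, 1, 0 };
    printf("flawed: %d  braced: %d\n",
           verify_flawed(&forged), verify_braced(&forged));
    return 0;
}
```

Building this with GCC's `-Wmisleading-indentation` (part of `-Wall` since GCC 6) or clang's `-Wunreachable-code` flags the flawed function, which is the kind of dead-code warning the post above refers to.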
 
Fail^2

While the bug is already a big fail, unit testing and code review seriously? It is an even bigger fail not to release the security updates for iOS and Mac the same day, … (ok, server load and all, but they could have made it independently of the next big feature 10.9.x like the Apple Mail fix or such and loaded servers are still better than leaving all users insecure in the wild, …). :-/
 
I guess I needed to read more carefully:

"Apple has also released iOS 6.1.6 (build 10b500) for the iPhone 3GS and fourth-generation iPod touch."

Probably if you can upgrade to 7, you get 7.06, even if you are still on IOS 6. I guess this is a really good way for Apple to get more people on 7.
How convenient. Apple will force everyone with a device capable of installing iOS7 to install it one way or another.... and then "brag" about the adoption of iOS 7.:rolleyes:
 
How convenient. Apple will force everyone with a device capable of installing iOS7 to install it one way or another.... and then "brag" about the adoption of iOS 7.:rolleyes:

You may consider sending feedback to Apple requesting parallel updates for users remaining on iOS 6. Several of us did yesterday. I'm not hopeful. At this point I feel as if Apple will force iOS 7 on users whatever it takes. I hope I am wrong.
 
Fairly awful mistake to make. Perhaps it is about time for somebody to develop a programming environment with the goal of eliminating bugs. Any time somebody types any code, or cuts and pastes, the potential for this kind of thing occurs. It never ceases to amaze me that we continue to blame programmers when the languages/developing environments are at fault.
 
Fairly awful mistake to make. Perhaps it is about time for somebody to develop a programming environment with the goal of eliminating bugs. Any time somebody types any code, or cuts and pastes, the potential for this kind of thing occurs. It never ceases to amaze me that we continue to blame programmers when the languages/developing environments are at fault.
The programming environments that are developed or used can also have bugs. And when a human element is still involved at some point there will still be potential for mistakes as well. Nothing is ever really problem-free when it comes to complex things like computing.
 
This is why I use Google Chrome instead of Safari. It's more secure. I hope Apple will release an update soon to fix the issue so I can use Safari again. Until then, I'll be using Google Chrome.
 
This is why I use Google Chrome instead of Safari. It's more secure. I hope Apple will release an update soon to fix the issue so I can use Safari again. Until then, I'll be using Google Chrome.
Keep in mind that Chrome releases updates every few weeks on average with usually at least some of them if not a lot of them addressing some sort of security holes/issues.

Happens with almost every browser and pretty much any OS and software in general.
 
The fact that Apple made iOS its first priority is very revealing,

yes - that more people could be affected by the bug on iOS than OS X. something that isn't surprising at all.

Furthermore, it reveals how sloppy they're getting.

doom! doooom!! only apple is susceptible to bugs! steve jobs would never have!

One minute they patronize the masses, boasting how much they care about their customers, then they pull a stunt like this.

bugs happen, dude. trust me. get over it.

Microsoft wouldn't allow this to go ignored as long as Apple.

ok now I know you're just kidding around. bahahahahaha. good one.

----------

READ: Introduced in 10.9. I tested my Safari (running 10.8.5), and it's fine. Yet another Mavericks bug :rolleyes: I'll go laugh at my friend who thinks that Mavericks was a worthwhile upgrade.

you sound young. if you think mavericks is the only version of OS X to have a security bug, I've got a Surface to sell you.

meanwhile, I've gotten a lot of value out of my software.

----------

$158.8 billion in cash reserves, and they don't hire a single security expert/programmer which at least skims through the core SSL code? :confused: :mad:

clearly you aren't an enterprise dev. I am, fortune 100. we find bugs, too.

think: how do you think they found it? elves?

----------

If this was a vulnerability in Flash, Windows, or Android there would be no end to the bashing that would be going on. Yet since it is Apple, users seem to be more accepting and are defending the company.

guess we aren't reading the same posts. see above.
 
This is why I use Google Chrome instead of Safari. It's more secure. I hope Apple will release an update soon to fix the issue so I can use Safari again. Until then, I'll be using Google Chrome.

That's laughable, google and secure should never be in the same sentence.
 
software is developed these days, every change to the code is carefully reviewed by another developer using a specialized review software before allowing it to find its way into the final code.

you're stating something as fact when it is not. I'm an independent contractor to fortune 100 enterprise IT organizations. names and brands you know daily. and I can tell you that simply isn't always true. just as the best practices aren't followed 100% in any other trade. why? because mistakes happen. why? because human.

----------

Is that Apple's "very soon"? Or real very soon...

can you link us to instances where they said very soon but it wasn't?
 