Like everything else on the iPhone, the critical crypto flaw announced in iOS 7 yesterday turns out to be a study in simplicity and elegant design: a single spurious “goto” in one part of Apple’s authentication code that accidentally bypasses the rest of it.
Apple released iOS 7.0.6 yesterday to patch the bug in its implementation of SSL encryption — the internet’s standard defense against eavesdropping and web hijacking. The bug essentially means that when you’re e-mailing, tweeting, using Facebook or checking your bank account from a shared network, like a public WiFi or anything tapped by the NSA, an attacker could be listening in, or even maliciously modifying what goes to your iPhone or iPad.
No comments:
Post a Comment