Lansand iOS 7.0.6, compania Apple a anuntat utilizatorii ca update-ul rezolva o problema de securitate care privea conexiunile SSL, fara a oferi detalii suplimentare in legatura cu aceasta vulnerabilitate. Practic vorbim despre o vulnerabilitate majora a protocolului SSL utilizat de catre iOS 7, hackerii putand intercepta foarte usor orice fel de date transmise intre un iDevice si un website protejat printr-o conexiune SSL, bugul de securitate fiind prezent inclusiv in OS X Mavericks-ul care nu a fost actualizat de catre Apple.
To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).
Practic orice iDevice care nu are iOS 7.0.6 instalat este vulnerabil in fata unui atac de acest gen, hackerii putand pacali utilizatorii facandu-i sa creada ca acceseaza un website verificat si sigur, cand in realitate ei se conecteaza la un server pirat. In acest mod hackerii pot fura date confidentiale ale utilizatorilor si aici vorbim despre parole si username-uri pentru orice fel de website-uri, informatii bancare, sau orice fel de alte informatii pe care nu le-ati introduce in orice website.
Problema de securitate este prezenta inclusiv in cel mai recent beta build al OS X Mavericks, deci vorbim despre o problema complexa pe care Apple nu a rezolvat-o total. Avand in vedere ca iOS 7.0.6 nu repara altceva in afara acestei probleme de securitate, este recomandabil sa il instalati cat inca aveti ocazia.
