SERIOUS: Update your iDevice and don’t use Safari!


In case you haven’t heard: There is a SERIOUS Bug in iOS/OS X, which is affecting SSL/TSL and basically rendering it ineffective. SSL/TSL is used to encrypt and protect data send via secure connections, e.g. using HTTPS to shop with Amazon, or for your online banking, or sending your passwords encrypted to the networks, e.g. Mail passwords, etc. You are especially vulnerable if you’re outside your secured network (e.g. office or home network), i.e. in a shared network, such as wireless hotspots, mobile network, etc.

Both iOS and OS X are affected, for iOS Apple has already released patches, and they even include the devices that are officially not supported anymore, i.e. 3GS and iPod Touch. For those devices you are to UPDATE to version 6.1.6, all newer devices are to UPDATE to version 7.0.6.

Unfortunately for OS X the patch is still developed, so here you’ll want to check your software status regularly and untill then DO NOT use the Safari browser. You’ll be fine using Firefox, Opera or Chrome, which offer their own implementation of SSL/TSL.

Other applications affected are:

  • Calendar
  • Facetime
  • Keynote
  • Twitter
  • Mail
  • iBooks
  • Software Update

Or to put it short: all Apple software (and third-party software using the Apple Security Framework) that provides ways to connect to servers. It should be relatively safe using these applications at home, but UNDER NO CIRCUMSTANCES should you use them in wireless networks that other people can use as well, i.e. anywhere outside your secured home network.

For more information also read the article Why Apples Huge Security Flaw is so Scary!

Advertisements