What is SSL Security Bug in iOS and Mac And How To Patch It

It all started with an error in code, just like so many other vulnerabilities. The SSL/TLS vulnerability we are talking about is serious. The Verge has even gone so far as to say that this flaw has existed for 18 months and that it might be used by the NSA to gain access to Apple devices.


This is how Apple describes it:

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.

In layman’s terms it means that the data sent and received with Safari, Apple apps and any third party app that uses Apple’s own SSL system on iOS and Mac is not encrypted and secure.

What Exactly Went Wrong?

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are a set of technologies that establish a secure and encrypted connection between your computer and the server. The error in the code caused the signature verification part of this process to fail.

This means that the system can check if the security certificate is secure or not, but it cannot check who signed the certificate. As a result, a forged signature request can go through the system without any problems.

The SSL bug makes it easy for hackers to gain access to sensitive information like usernames, passwords, and credit card info when using apps that use Apple’s SSL system for encryption.

If you want a more technical explanation of this process, check out the blog posts by Adam Langley and Ashkan Soltani.
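The control-flow mistake behind this bug, shown as a simplified C model that is added here for illustration and is not Apple's source code or part of the original article: a duplicated goto jumps past the signature check while the error code still reads as success. All function names, the "trusted-ca" signer and the sample inputs are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the flaw; every name here is hypothetical. */
static int verify_calls = 0;

/* Stand-in for hashing one handshake field: 0 = success. */
static int hash_update(const char *field) { return field ? 0 : -1; }

/* Stand-in signature check: only the constructed signer "trusted-ca" passes. */
static int verify_signature(const char *signer) {
    verify_calls++;
    return strcmp(signer, "trusted-ca") == 0 ? 0 : -1;
}

/* Buggy shape: the duplicated goto is not guarded by any if. */
int check_buggy(const char *params, const char *signer) {
    int err;
    if ((err = hash_update("client_random")) != 0)
        goto fail;
    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;                    /* always runs while err == 0 */
    err = verify_signature(signer);   /* never reached */
fail:
    return err;                       /* 0 means "signature OK" */
}

/* Corrected shape: braces, one goto per check, verification reached. */
int check_fixed(const char *params, const char *signer) {
    int err;
    if ((err = hash_update("client_random")) != 0) {
        goto fail;
    }
    if ((err = hash_update(params)) != 0) {
        goto fail;
    }
    err = verify_signature(signer);
fail:
    return err;
}

int main(void) {
    /* Constructed inputs: valid parameters signed by an untrusted party. */
    printf("buggy: %d\n", check_buggy("dh-params", "forged-ca"));
    printf("fixed: %d\n", check_fixed("dh-params", "forged-ca"));
    return 0;
}
```

Compiling the model with Clang's -Wunreachable-code flags the skipped call in check_buggy, which is a cheap check to keep enabled in builds of security-critical code.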

Please Update

The bug affects iOS devices from iOS 6 to iOS 7.0.5, Apple TV and OS X Mavericks. Apple has pushed the following updates for its users.

Updates for iOS

iOS 7.0.6 update for iOS 7 users.

iOS 6.1.6 update for iOS 6 users.

iOS 6.0.2 update for Apple TV owners.

Update for Mac

OS X 10.9.2 update for Mavericks.

If you are not up to date on any of these versions, you need to hit that update button fast. What if your device is jailbroken, you ask? We have a solution for you as well.

Solution For Jailbreakers

If your iPhone or iPad is jailbroken, you are in luck. You don’t need to update iOS to patch this vulnerability. Installing a tweak by Ryan Petrich from Cydia will do the trick. Here’s how you can do that.


Step 1: Go into Manage, tap Edit and then Add.

Step 2: In the text field, add this URL – http://rpetri.ch/repo – and tap Add Source.

Step 3: You are now subscribed to Ryan’s repo. Go back to Cydia, click Search and search for SSLPatch.

Step 4: Now click Install and then choose Confirm. The patch will be installed. Click on Reboot Device when prompted.

To make sure the tweak was installed and works properly, go to gotofail.com and it should say “Safe”.


And as always, stay safe.

Top image credit: Martin Abegglen

Last updated on 03 February, 2022
