Loading ...
Sorry, an error occurred while loading the content.

Why Apple's Recent Security Flaw Is So Scary

Expand Messages
  • John Rethorst
    http://gizmodo.com/why-apples-huge-security-flaw-is-so-scary-1529041062 http://www.crowdstrike.com/blog/details-about-apple-ssl-vulnerability-
    Message 1 of 11 , Mar 1, 2014
    • 0 Attachment
    • Chad Smith
      tl:dr - Everyone update their iOS / Mac OS devices *Right Now* *- Chad W. Smith*
      Message 2 of 11 , Mar 1, 2014
      • 0 Attachment
        tl:dr - Everyone update their iOS / Mac OS devices *Right Now*
      • Hugh Dobbs
        Ummm I m running OSX 10.4.11 on an iMac which is officially extinct (according to Apple). Haven t had anything through Software Update for years. Suspect it is
        Message 3 of 11 , Mar 1, 2014
        • 0 Attachment
          Ummm
          I'm running OSX 10.4.11 on an iMac which is officially extinct (according
          to Apple). Haven't
          had anything through Software Update for years. Suspect it is immune
          anyway!
          iPad fixed.
          iPhone pending...
          Hugh
          >tl:dr - Everyone update their iOS / Mac OS devices *Right Now*
          >
          >*- Chad W. Smith*
          >
          >
          >2014-03-01 13:56 GMT-06:00 John Rethorst <johnrethorst@...>:
          >
          >>
          >>
          >> http://gizmodo.com/why-apples-huge-security-flaw-is-so-scary-1529041062
          >>
          >> http://www.crowdstrike.com/blog/details-about-apple-ssl-vulnerability-
          >> and-ios-706-patch/index.html
          >>
          >> http://www.reuters.com/article/2014/02/25/us-apple-security-
          >> idUSBREA1O1Q820140225
          >>
          >> John R.
          >>
          >>
          >
          >
          >
          http://www.iol.ie
        • mxytsplyk
          Another reason why I never run the latest version of anything ;-) On Sat, 01 Mar 2014 09:56:01 -1000, John Rethorst ... -- Using
          Message 4 of 11 , Mar 1, 2014
          • 0 Attachment
            Another reason why I never run the latest version of anything ;-)

            On Sat, 01 Mar 2014 09:56:01 -1000, John Rethorst <johnrethorst@...> wrote:

             

            http://gizmodo.com/why-apples-huge-security-flaw-is-so-scary-1529041062

            http://www.crowdstrike.com/blog/details-about-apple-ssl-vulnerability-
            and-ios-706-patch/index.html

            http://www.reuters.com/article/2014/02/25/us-apple-security-
            idUSBREA1O1Q820140225

            John R.




            --
            Using Opera's mail client: http://www.opera.com/mail/
          • Chad Smith
            The flaw has been a part of iOS since 6.0 - and in Mac OS X for who knows how long. Running the latest version is actually the only way to close this bug. *-
            Message 5 of 11 , Mar 1, 2014
            • 0 Attachment
              The flaw has been a part of iOS since 6.0 - and in Mac OS X for who knows how long.

              Running the latest version is actually the only way to close this bug.

              - Chad W. Smith


              On Sat, Mar 1, 2014 at 3:55 PM, mxytsplyk <mxytsplyk@...> wrote:
              Another reason why I never run the latest version of anything ;-)
              --
              Using Opera's mail client: http://www.opera.com/mail/

            • C.W. Betts
              I think it only affected Mavericks. And Apple did push security updates to Lion and Mountain Lion.
              Message 6 of 11 , Mar 1, 2014
              • 0 Attachment
                I think it only affected Mavericks. And Apple did push security updates to Lion and Mountain Lion.

                On Mar 1, 2014, at 4:55 PM, Chad Smith <chad78@...> wrote:

                The flaw has been a part of iOS since 6.0 - and in Mac OS X for who knows how long.
                Running the latest version is actually the only way to close this bug.

              • Chad Smith
                If it pushed updates to those older OSes - that means it affected them, too. So maybe you re not having to get the latest version of the OS entirely - but you
                Message 7 of 11 , Mar 1, 2014
                • 0 Attachment
                  If it pushed updates to those older OSes - that means it affected them, too.  So maybe you're not having to get the latest version of the OS entirely - but you do need to get the latest version of *that* OS in order to fix the exploit.

                  - Chad W. Smith


                  On Sat, Mar 1, 2014 at 6:13 PM, C.W. Betts <Computers57@...> wrote:
                   

                  I think it only affected Mavericks. And Apple did push security updates to Lion and Mountain Lion.


                  On Mar 1, 2014, at 4:55 PM, Chad Smith <chad78@...> wrote:

                  The flaw has been a part of iOS since 6.0 - and in Mac OS X for who knows how long.
                  Running the latest version is actually the only way to close this bug.


                • em315
                  The security flaw affected IOS 6 and 7 and OS X 10.9 Mavericks only; not earlier versions of OS X - not 10.6, not 10.7, not 10.8. This is widely documented,
                  Message 8 of 11 , Mar 2, 2014
                  • 0 Attachment
                    The security flaw affected IOS 6 and 7 and OS X 10.9 Mavericks only; not earlier versions of OS X - not 10.6, not 10.7, not 10.8. This is widely documented, but see, e.g.:

                  • hnd101
                    I don t think that was the link you meant to send us! Hugh
                    Message 9 of 11 , Mar 2, 2014
                    • 0 Attachment
                      I don't think that was the link you meant to send us!
                      Hugh
                    • sardisson
                      ... Agreed. Perhaps it was meant to be this one: http://support.apple.com/kb/HT6150 which shows the security fixes included in 10.9.2 and Security Update
                      Message 10 of 11 , Mar 2, 2014
                      • 0 Attachment
                        > I don't think that was the link you meant to send us!
                        > Hugh

                        Agreed. Perhaps it was meant to be this one:

                        http://support.apple.com/kb/HT6150

                        which shows the security fixes included in 10.9.2 and Security Update 2014-001 for 10.7/10.8? The "scary bug" is the "Data Security" one, which is 10.9.x-only.

                        Obviously, if you are running 10.7.x or 10.8.x, you should get the update to fix the other issues mentioned in the document.

                        (BTW, is it just me, or is this new Y!Groups interface getting *worse* over time? :-P )
                      • em315
                        Right! Actually, it was this one: http://hasgotofailbeenfixedyet.com/ http://hasgotofailbeenfixedyet.com/ It s one of many sites that spells out which versions
                        Message 11 of 11 , Mar 2, 2014
                        • 0 Attachment
                          Right! Actually, it was this one:
                          It's one of many sites that spells out which versions are infected.
                          Apologies for sending people on a wild goose chase.
                        Your message has been successfully submitted and would be delivered to recipients shortly.