Serious Flaws In iOS & OS X Made Public

Apple HQ must be less than pleased with the public disclosure of vulnerabilities in both OS X and iOS. They are:

  • The first security flaw makes about 1500 iPhone and iPad apps vulnerable to hackers who could leverage the vulnerability to steal passwords, bank account information, and a handful of other sensitive data, according to Ars Technica. The flaw gives anyone who sets up a fake Wi-Fi hotspot access to a user’s data on that same Wi-Fi connection. Discovered by security analytics firm SourceDNA last month, the flaw, which enables a “man-in-the-middle” attack, was fixed in a 2.5.2 update to AFNetworking, the open-source code which housed the vulnerability. But some developers have not implemented this fix, leaving their apps, and you by extension, at risk.
  • The other flaw, called “Rootpipe”, is one that was discovered in October but actually dates back to 2011. The flaw essentially allows a hidden backdoor to be created on a particular system, opening up root access to a computer for a hacker after they obtain local privileges on the device. Physical access or previously granted remote access to the target machine is required in order for the vulnerability to be exploited. Apple intended to patch the Rootpipe vulnerability in OS X 10.10.3 earlier this month, although older versions of OS X were left vulnerable, which sucks for those users. But as reported by Forbes, former NSA agent Patrick Wardle has discovered the flaw to still be present on Macs running OS X 10.10.3, as well as older versions.

There’s been no comment from Cupertino on these flaws, but you can bet that someone might be working on doing something about them. I hope.
