This is how Apple describes it: In layman’s terms it means that the data sent and received with Safari, Apple apps and any third party app that uses Apple’s own SSL system on iOS and Mac is not encrypted and secure.
What Exactly Went Wrong?
SSL (Secure Sockets Layer) and TSL (Transport Layer Security) are a set of technologies that establish a secure and encrypted connection between your computer and the server. The error in code made the signature verification part of this process to fail. Which means that the system can check if the security certificate is secure or not but it cannot check who signed the certificate. And that means a forged signature request can go through the system without any problems. The SSL bug makes it easy for hackers to gain access to sensitive information like usernames, passwords, and credit card info when using apps that use Apple’s SSL system for encryption. If you want a more technical explanation about this process check out the blog posts by Adam Langley and Ashkan Soltani.
Please Update
The bug affects iOS devices between iOS 6 to iOS 7.0.5, Apple TV and OS X Mavericks. Apple has pushed the following updates for its users.
Updates for iOS
iOS 7.0.6 update for iOS 7 users. iOS 6.1.6 update for iOS 6 users. iOS 6.0.2 update for Apple TV owners.
Update for Mac
OS X 10.9.2 update for Mavericks. If you are not up-to-date on any of these version, you need to hit that update button fast. What if my device is jailbroken you ask? We have a solution for you as well.
Solution For Jailbreakers
If your iPhone or iPad is jailbroken, you are in luck. You don’t need to update iOS to patch this vulnerability. Installing a tweak by Ryan Petrich from Cydia will do the trick. Here’s how you can do that. Step 1: Go into Manage, tap Edit and then Add. Step 2: In the text field add this URL – http://rpetri.ch/repo and tap Add Source Step 3: You are now subscribed to Ryan’s repo. Go back to Cydia, click Search and search for SSLPatch. Step 4: Now click Install and then choose Confirm. The patch will be installed. Click on Reboot Device when prompted. To make sure the tweak was installed and works properly, go to gotofail.com and it should say “Safe”. And as always, stay safe. Top image credit: Martin Abegglen The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.