clock menu more-arrow no yes mobile

Filed under:

Researcher: Array of Apple Apps Vulnerable to "Gotofail" Attack

Apple's Calendar, FaceTime, Keynote, iBooks and Mail apps appear susceptible.

Milagli / Shutterstock

If you stopped using the Safari browser while patiently awaiting Apple’s OS X patch for the “Gotofail” security vulnerability publicized over the weekend, that’s smart.

Now strongly consider giving up Apple’s Calendar, FaceTime, Keynote, iBooks and Mail apps, as well as the Twitter Mac desktop client.

According to respected security researcher Ashkan Soltani, all of those products appear vulnerable to the same avenue of attack.

This is not a minor bug, as other reporters and security researchers have stressed.

An attacker could exploit the flaw to bypass the standard “SSL/TLS” security verification between devices and servers, enabling what’s known as a “man-in-the-middle attack.” Using this approach, a lurker can intercept the data flowing between your computer and a network connection, notably including a Wi-Fi signal in your neighborhood coffee shop.

Apple fixed the Gotofail fail for its mobile operating system on Friday, but has yet to issue an update for its desktop software. The company said Saturday that another patch would come “very soon,” but as of late afternoon Sunday it had yet to arrive.

This article originally appeared on