Apple Issues Security Fixes for iOS, Mac and AirPort Extreme

Apple has just pushed out software updates that fix security vulnerabilities on the iPhone and iPad and certain versions of Mac OS X Mountain Lion and Mavericks. It has also circulated a second update that patches a vulnerability that exposes the most recent model of AirPort Extreme to the Heartbleed bug.

First the Heartbleed issue: The update applies only to the latest model of AirPort Extreme and Time Capsule introduced last June. The updates correct a weakness in OpenSSL, the security software hit by the Heartbleed bug, that existed only when Apple’s Back to My Mac feature was enabled. It doesn’t affect older AirPorts and Time Capsules.

The other updates for the iPhone and iPad correct a flaw that would allow an attacker to bypass certain encryption protections that are meant to prevent eavesdropping on data traffic.

According to advisories posted by Apple to the Bugtraq mailing list, (see here) the flaw would allow an attacker to carry out what’s know as a “triple handshake,” essentially establishing two connections at once with the same encryption keys. Once complete, the attacker could renegotiate the connections with his or her own data and cause the connections to forward to each other. This would allow the capture of data — essentially eavesdropping — or the changing of operations performed during a remote SSL session.

A third patch issued for Mac OS (Bugtraq post here) fixes several vulnerabilities. One would allow an attacker to strip away the security settings of a Web connection by forcing an early close of the connection. Another would allow the creators of malicious websites to execute arbitrary code or terminate applications running on the system of a visitor.

It has been an eventful few months on the Apple security front. Earlier this year the company patched another SSL vulnerability known as Gotofail that would allow attackers to bypass security protocols.

This article originally appeared on Recode.net.

Will you support Vox’s explanatory journalism?

Most news outlets make their money through advertising or subscriptions. But when it comes to what we’re trying to do at Vox, there are a couple of big issues with relying on ads and subscriptions to keep the lights on:

First, advertising dollars go up and down with the economy. We often only know a few months out what our advertising revenue will be, which makes it hard to plan ahead.

Second, we’re not in the subscriptions business. Vox is here to help everyone understand the complex issues shaping the world — not just the people who can afford to pay for a subscription. We believe that’s an important part of building a more equal society. And we can’t do that if we have a paywall.

So even though advertising is still our biggest source of revenue, we also seek grants and reader support. (And no matter how our work is funded, we have strict guidelines on editorial independence.)

If you also believe that everyone deserves access to trusted high-quality information, will you make a gift to Vox today? Any amount helps.

One-Time Monthly Annual

$5/month

$10/month

$25/month

$50/month

Other

$

Yes, I'll give $5/month

Yes, I'll give $5/month

We accept credit card, Apple Pay, and Google Pay. You can also contribute via