SSL Vulnerability presents in iOS 7.1 beta and OS X Mavericks 10.9.2 Developer Preview

Apple released iOS 6.1.6 and iOS 7.0.6 to address an SSL vulnerability issue on Friday, February 21, 2014. According to reports, the same vulnerability presents in the current build of OS X Mavericks 10.9.1, OS X Mavericks 10.9.2 build 13C62 and iOS 7.1 beta build 11D5145e.

Based on goto fail; test Google Chrome, Mozilla Firefox and Camino on OS X are not affected by this vulnerability. Camino browser was no longer developed as of May 31, 2013.

iOS 7.1 beta 5 build 11D5145e SSL Vulnerability

Apple is expected to fix this SSL vulnerability issue in the upcoming build of iOS 7.1 and OS X Mavericks (10.91 and 10.9.2 Developer Preview).

John Gruber wrote a great post on Daring Fireball regarding this SSL vulnerability issue and NSA exploits on iOS.

According to Jeffrey Grossman’s tweet (Jeffrey903):

I have confirmed that the SSL vulnerability was introduced in iOS 6.0. It is not present in 5.1.1 and is in 6.0 /cc @markgurman

Tin foil hat might be handy, as a sleeper NSA agent might be working at Apple.

90403