Tag: Vulnerability

Posted on

WPA2 Wi-Fi Vulnerability

This just in.

From BleepingComputer:

Mathy Vanhoef, a researcher from the University of Leuven (KU Leuven), has discovered a severe flaw in the Wi-Fi Protected Access II (WPA2) protocol that secures all modern protected Wi-Fi networks.

The flaw affects the WPA2 protocol itself and is not specific to any software or hardware product.

Vanhoef has named his attack KRACK, which stands for Key Reinstallation Attack.

Yikes!

Also from BleepingComputer:

List of Firmware & Driver Updates for KRACK WPA2 Vulnerability

Posted on

Apple releases fix for SSL Vulnerability in OS X Mavericks, Mountain Lion and Lion

In the morning of Tuesday, February 25, 2014 Apple releases fix for SSL Vulnerability in OS X Mavericks, Mountain Lion and Lion.

The fix for SSL Vulnerability is included in OS X Mavericks 10.9.2.

Safari on OS X Mavericks 10.9.2 passed the goto fail test.

OS X Mavericks 10.9.2 Safari goto fail test

OS X Mavericks 10.9.2 Update

This update:

  • Adds the ability to make and receive FaceTime audio calls
  • Adds call waiting support for FaceTime audio and video calls
  • Adds the ability to block incoming iMessages from individual senders
  • Improves the accuracy of unread counts in Mail
  • Resolves an issue that prevented Mail from receiving new messages from certain providers
  • Improves AutoFill compatibility in Safari
  • Fixes an issue that may cause audio distortion on certain Macs
  • Improves reliability when connecting to a file server using SMB2
  • Fixes an issue that may cause VPN connections to disconnect
  • Improves VoiceOver navigation in Mail and Finder

For detailed information about this update, please visit: About the OS X Mavericks 10.9.2 Update

Security Update 2014-001 (Mountain Lion)

Security Update 2014-001 (Lion)

——-

The SSL Vulnerability is currently present in iOS 7.1 beta 5 build 11D5145e. According to an Apple engineer, a new build of iOS 7.1 beta is coming “really soon”.